Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cowork Cog
v1.0.3
The first co-work platform designed for agents. Give CellCog's sub-agent direct access to your machine — terminal, file system, development environment. Auto...
⭐ 0 · 64 · 1 current · 1 all-time
by CellCog @nitishgargiitd
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (agent co-work / machine access) align with the instructions to call the CellCog SDK and enable machine access. It sensibly depends on a separate 'cellcog' skill for SDK/setup, which the SKILL.md references. However, the skill promises platform-level behaviors (auto-approval, path blocking, output sanitization) without declaring what privileges or environment variables the underlying 'cellcog' integration requires or how those policies are enforced.
Instruction Scope
The SKILL.md explicitly instructs the agent to enable full terminal, file-system, and development-environment access and to auto-approve operations for agent workflows. Those instructions grant broad, potentially destructive powers and rely on unspecified blocking/sanitization rules. The document does not enumerate blocked paths, approval semantics, audit/logging, or how redaction is performed — leaving the agent discretion and a large attack surface.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so it does not itself write or execute code on disk. It references installing the separate 'cellcog' skill via 'clawhub', which is a reasonable delegation. There are no downloaded URLs or archives in this skill to evaluate.
Credentials
The skill declares no required environment variables or credentials, yet claims machine-level access and path-based blocking. Either the required credentials and permissions are handled by the referenced 'cellcog' skill (not shown), or the security model is under-specified. The lack of declared required credentials makes it hard to assess whether requested access is proportionate.
Persistence & Privilege
always:false (good) but the skill explicitly endorses 'auto-approval for agent workflows' while model invocation is allowed. Autonomous agent invocation combined with auto-approval of machine operations increases risk: an agent could perform file, command, or environment changes without human intervention. The SKILL.md provides no mitigation details (time limits, allowlists, audits).
What to consider before installing
This skill instructs agents to get direct terminal and filesystem access and to auto-approve agent-run operations — a high-risk capability if misused. Before installing or enabling:
1) Inspect the referenced 'cellcog' skill code/policies to verify how authentication, allowlists, blocked paths (e.g., ~/.ssh, ~/.aws), and output redaction are actually implemented.
2) Require human approval for any write/execute actions (disable 'auto-approval' if possible).
3) If you must test, run CellCog in an isolated VM/container with no secrets mounted and enable detailed logging/auditing.
4) Do not grant this to untrusted agents or use on machines with sensitive credentials until you confirm concrete safeguards.
If you cannot review the underlying implementation or disable auto-approval, do not install.
Like a lobster shell, security has layers — review code before you run it.
latest vk974p5agyf9jva2fa45tzxedwd84bht8
Runtime requirements
🖥️ Clawdis
OS: macOS · Linux
