Data Cog
PassAudited by ClawScan on May 1, 2026.
Overview
Data Cog appears to be a purpose-aligned data-analysis skill, but it relies on a CellCog API key, an external SDK/service, and cloud-style agent execution that users should understand before use.
Before installing, confirm you trust CellCog with the datasets you plan to upload, use a controlled API key, watch for paid usage, and install the CellCog SDK only from a trusted official source.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your uploaded datasets may be processed by code running through the CellCog workflow, producing files, charts, models, or reports.
The skill discloses that CellCog executes Python-backed analysis on the user's data. This is central to the stated purpose, but it is still more powerful than a prompt-only helper.
“Full Python access for everything from data cleaning to ML model evaluation.” / “CellCog runs the code for you”
Only submit files you intend to analyze with CellCog, and review prompts carefully before starting agent-mode tasks.
Using the skill may consume CellCog account quota or paid credits, and anyone with the key could potentially act through that account.
The skill requires a service API key and the registry signals that the credential may authorize sensitive or paid actions. This is expected for an external analysis service, but it is account authority.
“Required env vars: CELLCOG_API_KEY” and capability signals include “can-make-purchases” and “requires-sensitive-credentials”
Use a dedicated, least-privileged CellCog API key if available, monitor usage, and avoid putting the key directly into prompts or shared files.
Security depends partly on the trusted CellCog package/service and the referenced SDK documentation, not just this SKILL.md file.
The instruction-only skill depends on an external SDK and references another skill for details. That is coherent with the integration, but the actual SDK/source is outside the provided artifact contents.
“dependencies: [cellcog]” and “read the **cellcog** skill for the full SDK reference”
Install the CellCog SDK only from the official source, verify the package name and publisher, and prefer pinned or reviewed versions where possible.
Task prompts, filenames, and analysis results may pass through CellCog and configured agent-provider channels.
The examples show prompts and task results moving through CellCog agent/provider workflows and an OpenClaw notification session. This is expected for the service, but users should recognize the data-sharing boundary.
“client.create_chat(... notify_session_key=\"agent:main:main\", ... chat_mode=\"agent\")” and “agent_provider=\"openclaw|cursor|claude-code|codex|...\"”
Avoid uploading confidential datasets unless CellCog's data-handling terms meet your needs, and keep task prompts limited to the data required for the analysis.