Music Cog

Pass: Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: music-cog
Version: 1.0.10

The music-cog skill bundle is a standard integration for the CellCog AI music generation service. The SKILL.md file provides legitimate documentation, usage examples, and configuration instructions for an AI agent to generate audio tracks. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the required environment variable (CELLCOG_API_KEY) and dependencies (cellcog) are consistent with the stated purpose of the tool.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill means the agent can submit music-generation requests using your CellCog API key.

Why it was flagged

The skill requires a CellCog API key, which gives the agent access to the user's CellCog account or quota for music generation.

Skill content

requires:
      bins: [python3]
      env: [CELLCOG_API_KEY]

Recommendation

Use a dedicated, revocable CellCog API key if possible, monitor usage, and avoid granting broader account access than needed.

What this means

Prompts, lyrics, style references, and other creative instructions may be processed by CellCog's service.

Why it was flagged

The skill sends the user's task prompt to CellCog using an agent-mode chat API, creating an external provider data boundary.

Skill content

result = client.create_chat(
    prompt="[your task prompt]",
    task_label="my-task",
    chat_mode="agent",
)

Recommendation

Do not include secrets or confidential material in music prompts unless you are comfortable sharing them with CellCog under its terms.

Note: High Confidence
ASI10: Rogue Agents

What this means

A requested music-generation job may continue running after submission until CellCog completes it and sends a notification.

Why it was flagged

The OpenClaw example starts an asynchronous provider task that later notifies the session. This is disclosed and aligned with long-running music generation, but it is still background agent activity.

Skill content

**OpenClaw (fire-and-forget):**
```python
result = client.create_chat(
    prompt="[your task prompt]",
    notify_session_key="agent:main:main",
    task_label="my-task",
    chat_mode="agent",
)
```

Recommendation

Use clear task labels, submit only intended prompts, and monitor or cancel provider tasks if the CellCog workflow supports cancellation.

What this means

If you install the referenced SDK yourself, package provenance and version selection affect the trustworthiness of the runtime code.

Why it was flagged

The skill depends on an external Python SDK/package named cellcog, but the provided artifacts do not include an install spec or pinned package version.

Skill content

dependencies: [cellcog]
...
from cellcog import CellCogClient

Recommendation

Install the CellCog SDK only from the official source recommended by CellCog, and prefer pinned or verified versions where possible.