Back to skill

Security audit

Code Cog

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed coding-agent skill that gives CellCog local project file and terminal access, which is powerful but consistent with its stated purpose.

Install this only if you want CellCog to work on local projects. Keep cowork_working_directory narrow, avoid enabling write auto-approve unless you accept unattended code and command changes in that directory, review terminal/write approvals, and protect the CELLCOG_API_KEY.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- `HumanComputer_Terminal_File_Edit` — Edit files on the user's machine

### Safety Model
- **Read operations** are auto-approved (no interruption)
- **Write/execute operations** require user approval in the CellCog web UI
- Users can configure auto-approve for reads/writes within the working directory
- Sensitive paths (credentials, SSH keys) are always blocked
Confidence
90% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### Safety Model
- **Read operations** are auto-approved (no interruption)
- **Write/execute operations** require user approval in the CellCog web UI
- Users can configure auto-approve for reads/writes within the working directory
- Sensitive paths (credentials, SSH keys) are always blocked

---
Confidence
91% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- **macOS and Linux only** — CellCog Desktop (Co-work) is not yet available on Windows
- **CellCog Desktop required** — Without Co-work, CodeCog can still write code in its Docker workspace, but cannot access the user's machine directly
- **User approval for writes** — Write operations pause for user approval (configurable auto-approve available)
Confidence
89% confidence
Finding
auto-approve

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.