Think Cog
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing it must provide a service credential; misuse of that key could affect the user's CellCog account or billing depending on provider settings.
The skill requires a CellCog API key, which is expected for this integration but gives the skill/SDK access to act through the user's CellCog account.
requires:\n bins: [python3]\n env: [CELLCOG_API_KEY]
Use a dedicated or scoped CellCog API key if available, avoid sharing the key in prompts or logs, and revoke it if no longer needed.
Business plans, technical details, personal decisions, or other sensitive context included in prompts may be transmitted to the external CellCog service.
The workflow sends user task prompts to CellCog's agent chat service; the skill also encourages sharing rich context for better results.
result = client.create_chat(\n prompt="[your task prompt]",\n task_label="my-task",\n chat_mode="agent",\n)
Review CellCog's data handling terms before use and avoid sending secrets, regulated data, or confidential material unless you are comfortable with that external processing.
A task could keep running remotely until completion, so users may not see every intermediate step unless they monitor the chat or notifications.
The documented OpenClaw flow starts an asynchronous remote CellCog task that may continue after the initiating call returns.
**OpenClaw (fire-and-forget):**\n```python\nresult = client.create_chat(\n prompt="[your task prompt]",\n notify_session_key="agent:main:main",\n task_label="my-task",\n chat_mode="agent",\n)
Use clear task labels, monitor returned chat IDs or notifications, and avoid fire-and-forget prompts for sensitive or high-impact actions.
Security and behavior also depend on the separately installed CellCog package and referenced CellCog documentation.
The skill relies on the external CellCog SDK/package, and the reviewed artifact set does not include that package's code or a pinned install specification.
dependencies: [cellcog]
Install the CellCog SDK only from a trusted source, prefer pinned versions, and review provider documentation before granting credentials.