Travel Cog
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: travel-cog Version: 1.0.11 The travel-cog skill bundle consists of metadata and documentation for an AI travel planning tool. It relies on an external Python dependency 'cellcog' and requires a 'CELLCOG_API_KEY'. The SKILL.md file provides standard usage instructions and examples for travel research without any signs of malicious code, data exfiltration, or prompt-injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill requires providing a CellCog credential, which may allow API usage or charges under that CellCog account.
The skill requires a CellCog API key, which is expected for an external CellCog-powered service but still gives the integration account-level access to that provider.
requires:
bins: [python3]
env: [CELLCOG_API_KEY]Use a dedicated, revocable CellCog API key if possible and monitor provider usage.
Installing the package may run code supplied outside this instruction-only artifact.
The setup path depends on installing the external CellCog package without a pinned version in the artifact instructions; this is purpose-aligned but relies on external package provenance.
**Manual setup:** `pip install -U cellcog` and set `CELLCOG_API_KEY`.
Install CellCog only from a trusted source, verify the package name/source, and prefer version pinning where your environment supports it.
Travel details included in prompts may be processed by CellCog rather than staying only inside the local agent conversation.
The user's travel prompt is sent into CellCog's chat workflow; this is central to the skill, but prompts may contain personal travel dates, budgets, preferences, or constraints.
result = client.create_chat(
prompt="[your task prompt]",
task_label="my-task",
chat_mode="agent",
)Avoid including unnecessary sensitive information such as passport numbers, payment details, or private account credentials in travel prompts.
A travel-planning task may keep running in the provider workflow after the initial request rather than blocking locally until completion.
The skill documents an asynchronous fire-and-forget mode for CellCog tasks. This is disclosed and aligned with research/itinerary generation, but it means a task may continue after being launched.
**OpenClaw (fire-and-forget):**
Use clear task labels and bounded prompts, and avoid launching open-ended tasks unless you intend the external agent workflow to continue.