Cowork Cog

v1.0.9

AI pair programming powered by CellCog Desktop. Code, debug, refactor, and build directly on the user's machine. Terminal access, file operations, full devel...

⭐ 0· 193·1 current·1 all-time

byCellCog@nitishgargiitd

Security Scan

Capability signals

CryptoRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name/description match the instructions: it's an agent that uses a CellCog desktop bridge to run commands and edit files on the user's machine. That capability legitimately requires a desktop app and an API key. However, the skill metadata declares no required credentials or config paths even though the SKILL.md shows the desktop CLI requires a CELLCOG_API_KEY and installers; that omission is an incoherence (the skill should declare its primary credential).

Instruction Scope

The SKILL.md instructs agents to programmatically fetch platform-specific installers (via get_desktop_download_urls()), run install commands, and run the cellcog-desktop CLI to set an API key and start the app. It also enables fully autonomous execution ('auto-approved' for agents) and allows the agent to read/write the provided cowork_working_directory. These instructions give the agent broad discretion to execute downloaded installers and arbitrary commands under the working directory. The document also asserts protections (blocked paths, output redaction) but provides no mechanism in this skill to enforce or verify those protections.

ℹ

Install Mechanism

No install spec is bundled with the skill; instead, runtime instructions call into the cellcog SDK to return download URLs and shell install commands. That delegates installation risk to the external CellCog service and the 'cellcog' SDK. Because installers will be downloaded and executed at runtime, verify the origin and integrity of those downloads (the SKILL.md references cellcog.ai but gives no release-host guarantees).

Credentials

Registry metadata declares no required environment variables or primary credential, but the instructions clearly require a CELLCOG_API_KEY (set via cellcog-desktop --set-api-key). This mismatch means the skill will in practice request a credential that is not declared for user review. The skill also promises blocked access to ~/.ssh and ~/.aws, but those protections are only documented assertions in the SKILL.md and not enforced by this instruction-only bundle.

ℹ

Persistence & Privilege

always:false (normal). However, the SKILL.md emphasizes 'auto-approved' execution and examples that allow fire-and-forget agent runs that execute on the user's machine without further human approval. Autonomous invocation combined with installer execution and file/terminal access raises the blast radius — the skill itself does not request permanent platform-level presence, but it enables long-running, autonomous local actions once the desktop bridge and API key are configured.

What to consider before installing

This skill delegates execution to a local 'cellcog-desktop' app and the external 'cellcog' SDK. Before installing or enabling it: (1) Confirm you trust the vendor (cellcog.ai) and inspect the exact download URLs and installer checksums returned by get_desktop_download_urls() rather than running installers blindly. (2) Treat the CELLCOG_API_KEY as sensitive — the skill's metadata does not declare it even though the desktop CLI needs it. (3) Prefer manual installation and manual approval of any agent-driven actions, or restrict the cowork_working_directory to a non-sensitive test repo. (4) Verify the claimed protections (blocked ~/.ssh, ~/.aws and output redaction) with the vendor or by testing them in a safe environment — the SKILL.md simply asserts these protections. (5) If you need least privilege, avoid granting the skill wide filesystem or terminal access and require interactive approvals for install/start commands.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖥️ Clawdis

OSmacOS · Linux

latestvk97en6yvrhf9w9vph4ze9th24584t6hz

193downloads

0stars

10versions

Updated 5d ago

v1.0.9

MIT-0

macOS, Linux

Cowork Cog — CellCog on Your Machine

Co-work turns any machine into CellCog's workspace. CellCog Desktop acts as a bridge: CellCog's cloud agents coordinate with the desktop app to run commands, read files, and write code directly on the user's machine.

All commands are auto-approved for SDK/agent users — fully autonomous, no manual approval needed.

Prerequisites

This skill requires the cellcog skill for SDK setup and API calls.

clawhub install cellcog

How to Use

For your first CellCog task in a session, read the cellcog skill for the full SDK reference — file handling, chat modes, timeouts, and more.

OpenClaw (fire-and-forget):

result = client.create_chat(
    prompt="[your task prompt]",
    notify_session_key="agent:main:main",
    task_label="my-task",
    chat_mode="agent core",
    enable_cowork=True,
    cowork_working_directory="/path/to/project",
)

All agents except OpenClaw (blocks until done):

from cellcog import CellCogClient
client = CellCogClient(agent_provider="openclaw|cursor|claude-code|codex|...")
result = client.create_chat(
    prompt="[your task prompt]",
    task_label="my-task",
    chat_mode="agent core",
    enable_cowork=True,
    cowork_working_directory="/path/to/project",
)
print(result["message"])

Why Co-work?

Your Machine as a Data Source

Your data lives on the user's machine — project files, databases, logs, configs. Instead of uploading everything, enable co-work with a working directory and CellCog agents explore, read, and reason about the data directly. No file size limits, no upload hassle.

CellCog as Your Coding Powerhouse

CellCog agents are among the most capable coding agents available — deep reasoning paired with real execution. Enable co-work and delegate complex coding tasks: build websites, APIs, fix bugs, refactor codebases, set up infrastructure.

CellCog itself is built using this exact co-work capability.

Think of it as a Claude Code or Cursor alternative, backed by CellCog's multi-agent depth and any-to-any engine.

Quick Start

from cellcog import CellCogClient

client = CellCogClient(agent_provider="openclaw")

# 1. Check if desktop app is connected
status = client.get_desktop_status()

# 2. If not connected, get install instructions
if not status["connected"]:
    info = client.get_desktop_download_urls()
    # info contains per-platform URLs + install commands
    # Run the install commands for the user's OS, then:
    # cellcog-desktop --set-api-key <CELLCOG_API_KEY>
    # cellcog-desktop --start

# 3. Create a co-work chat

# OpenClaw agents (fire-and-forget):
result = client.create_chat(
    prompt="Refactor the auth module to use JWT tokens",
    notify_session_key="agent:main:main",  # OpenClaw only
    chat_mode="agent core",
    enable_cowork=True,
    cowork_working_directory="/Users/me/project",
    task_label="refactor-auth",
)

# All other agents (blocks until done):
result = client.create_chat(
    prompt="Refactor the auth module to use JWT tokens",
    chat_mode="agent core",
    enable_cowork=True,
    cowork_working_directory="/Users/me/project",
    task_label="refactor-auth",
)

Desktop App Setup

Call client.get_desktop_download_urls() — returns download URLs and platform-specific install commands for macOS, Windows, and Linux.

After installation:

cellcog-desktop --set-api-key <CELLCOG_API_KEY>
cellcog-desktop --start

The agent can do all of this programmatically — no human interaction needed beyond providing the API key.

Alternatively, ask your human to download CellCog Desktop from cellcog.ai/cowork, open it, and enter their API key.

Desktop CLI Reference

All commands output JSON for easy agent parsing:

Command	What it does
`cellcog-desktop --set-api-key <key>`	Authenticate with API key
`cellcog-desktop --status`	Check connection + app state
`cellcog-desktop --start` / `--stop`	App lifecycle
`cellcog-desktop --logs`	Debug logs

Chat Mode for Co-work

Use "agent core" mode for coding tasks — lightweight context focused on code, terminal, and file operations. Multimedia tools load on demand when needed.

result = client.create_chat(
    prompt="Your coding task",
    chat_mode="agent core",
    enable_cowork=True,
    cowork_working_directory="/Users/me/project",
    task_label="my-task",
)

"agent" mode also works with co-work but loads all multimedia tools upfront. Use "agent core" for faster, more focused coding sessions.

See https://cellcog.ai for complete SDK API reference — delivery modes, send_message(), timeouts, and more.

Error Recovery

If the desktop app disconnects, CellCog auto-fails pending commands with a clear message.

To recover:

cellcog-desktop --stop && cellcog-desktop --start

Then send continue to the chat:

client.send_message(chat_id="abc123", message="continue")

Security

Even with auto-approve, these protections are always active:

Blocked paths: ~/.ssh, ~/.aws, credential files are inaccessible
Output redaction: Sensitive data is automatically redacted from command output
Per-chat scoping: Each chat session is scoped to its working directory

What You Can Build

Co-work enables the full spectrum of development tasks:

Web development — Build React apps, APIs, landing pages
Bug fixing — Debug stack traces, fix test failures
Refactoring — Modernize codebases, improve architecture
DevOps — Set up CI/CD, Docker configs, infrastructure
Data pipelines — ETL scripts, database migrations
Documentation — Generate docs from code, README files

For the best coding experience, also install code-cog:

clawhub install code-cog

Comments

Loading comments...