cellcog

This SKILL.md is a user-facing SDK and platform documentation for the CellCog cloud service. It does not contain obvious direct malicious code or supply-chain download-execute patterns. The main security considerations are operational: (1) local storage of an API key (~/.openclaw/cellcog.json) increases credential exposure on the host, (2) the <SHOW_FILE> mechanism permits explicit upload of arbitrary local files (so accidental or malicious exfiltration is possible if prompts are crafted incorrectly), and (3) notify_session_key can route outputs to external channels (Telegram/Discord), which could forward sensitive data. There are no hidden obfuscated payloads or instructions to download and execute third-party binaries. Overall this appears functionally coherent and appropriate for its stated purpose, but users should treat the API key and referenced files as sensitive, apply least privilege, and verify routing targets before enabling automated deliveries.