ontopo

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: ontopo
Version: 1.0.0

The OpenClaw skill bundle for Ontopo is benign. The `SKILL.md` and `README.md` provide clear instructions for using the Python CLI tool, without any evidence of prompt injection attempts or malicious shell commands. The core Python script (`scripts/ontopo-cli.py`) interacts solely with the `ontopo.com` API, as expected for its stated purpose of searching restaurants and availability. There are no signs of data exfiltration, unauthorized system access, persistence mechanisms, or obfuscation. The `httpx` dependency is standard and used appropriately for network communication.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your restaurant search details may be sent to Ontopo when the skill checks live availability.

Why it was flagged

The skill sends restaurant searches, dates, times, and availability checks to Ontopo's API and obtains an anonymous token for API use.

Skill content

BASE_URL = "https://ontopo.com/api" ... response = await self._request("POST", "/loginAnonymously", auth_required=False)

Recommendation

Use it for reservation searches you are comfortable querying through Ontopo, and manually confirm any booking on the Ontopo website.

What this means

Installation depends on the current package resolved from the Python package ecosystem.

Why it was flagged

The skill depends on the external Python package httpx, and the artifact does not pin a specific package version.

Skill content

"install": [{"kind": "uv", "package": "httpx", "label": "Install httpx via pip/uv"}]

Recommendation

Install from a trusted package index and consider pinning or reviewing dependency versions in managed environments.

Note: High Confidence

ASI10: Rogue Agents

What this means

If you ask an agent to automate recurring checks, it may continue making repeated Ontopo queries and sending alerts until stopped.

Why it was flagged

The README encourages user-directed recurring availability checks, which could lead to ongoing agent activity if the host client supports scheduling.

Skill content

Ask your AI agent to set up recurring checks: ... "Check every day and alert me if a table opens up at Mashya this month for 2 people"

Recommendation

Only enable recurring checks with a clear schedule, notification destination, and end date or stop instruction.