Ontology To Expertpack

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or enabling the skill may request wallet-related authority that is not needed for a local file conversion workflow.

Why it was flagged

Wallet-related authority is sensitive and not explained by the converter's stated purpose or visible code, which only reads a graph file and writes local ExpertPack files.

Skill content

Capability signals: - requires-wallet ... Primary credential: none

Recommendation

Do not grant wallet access unless the publisher clearly documents why it is required; the publisher should remove or justify this capability signal.

What this means

Private notes, business details, or prompt-like content already present in the ontology graph can become persistent ExpertPack content and may later be retrieved by agents.

Why it was flagged

The script copies ontology entity properties into generated Markdown files, filtering only property names that look credential-like.

Skill content

props = sanitize_properties(entity.get('properties', {})) ... md.append(f"- **{k}:** {v}")

Recommendation

Run it only on a graph you intend to migrate, inspect the generated pack for sensitive or untrusted content, and remove secrets before using or sharing it.

What this means

If the generated pack contains private or incorrect information, committing or uploading it could spread that content to other tools or users.

Why it was flagged

The sharing step is user-directed and preceded by review guidance, but it can propagate exported ontology memory beyond the local machine.

Skill content

Commit to git and share via expertpack.ai or ClawHub

Recommendation

Review and sanitize the output before committing it to git or sharing it through any external service.