Skillv1.0.0

ClawScan security

Ontology Knowledge Graph · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 4, 2026, 9:11 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, declared requirements, and intended purpose are internally consistent; it is an instruction-only ontology for local agent memory and does not request unexplained credentials or installs.
Guidance: This skill is an instruction-only design for a local typed knowledge graph and appears coherent. Before installing/using: 1) Note that the SKILL.md references helper scripts (scripts/ontology.py) that are NOT included — review or provide those implementations before use. 2) Confirm the filesystem location (memory/ontology) and set tight permissions so the agent cannot read unrelated sensitive files. 3) Never store plaintext secrets in the graph; use secret references that point to a secure secret store and review how secret_ref is resolved by your implementation. 4) If you wire cross-skill integrations or migration to SQLite, audit those components for network access or credential use. 5) If you want stronger guarantees, require an explicit implementation (code) and review it for any file I/O or network calls before enabling the skill for autonomous use.

Review Dimensions

Purpose & Capability: okName and description match the instructions. The SKILL.md describes a typed knowledge-graph, local storage (memory/ontology/graph.jsonl), schema rules, and integration patterns; nothing requested (no env vars, no binaries, no installs) is out of scope for an ontology/memory skill.
Instruction Scope: noteInstructions confine reads/writes to a local ontology store (memory/ontology/*) and describe using helper scripts (python3 scripts/ontology.py). The skill is instruction-only and does not include those scripts — agents or integrators would need to supply them. Because the instructions allow 'direct file ops' and cross-skill communication, an implementation could be used to read/write additional files if misconfigured; the SKILL.md itself does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism: okNo install spec or code files are included. This is low-risk: nothing is downloaded or written to disk by the skill itself.
Credentials: okNo environment variables or credentials are requested. The ontology defines a 'Credential' type with a secret_ref and explicitly warns against storing secrets directly — appropriate guidance. If you integrate real secret stores, those credentials would be required by the implementation, not by this instruction-only skill.
Persistence & Privilege: okSkill does not request permanent inclusion (always:false) and uses normal autonomous invocation. It does not modify other skills or system-wide settings in the instructions.