ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ontology Mapper

v2.1.0

Map construction data to standard ontologies. Create semantic mappings between different data schemas

0· 1.3k·13 current·15 all-time
by@datadrivenconstruction
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ontology mapping) align with the declared requirements: python3 is required and the SKILL.md contains Python-based mapping classes and logic. Requesting filesystem access in claw.json is reasonable for reading user-supplied CSV/Excel/JSON files.
Instruction Scope
instructions.md and SKILL.md focus on processing data the user supplies and producing mapping reports. The skill documentation explicitly constrains operations to user-provided data, but the claw.json grants generic filesystem permission—this is required for file-based inputs but means the skill could read files if misused. No instructions were found that direct the agent to read unrelated system files or environment secrets.
Install Mechanism
There is no install spec and no code files to write/execute on install (instruction-only). This minimizes installation risk. The only runtime requirement is python3, which matches the provided code examples.
Credentials
The skill declares no required environment variables or credentials. That is proportional to the described task of local data mapping. No evidence in the provided files of attempts to access unrelated credentials or external services.
Persistence & Privilege
always is false (normal) and disable-model-invocation is false (normal autonomous invocation). claw.json includes a broad 'filesystem' permission which is appropriate for reading input files but is a sensitive permission—users should avoid supplying sensitive system files. The skill does not request persistent system-wide privileges.
Assessment
This skill appears to do what it says: map construction data to ontologies using Python and reading user-provided files. Before installing or invoking it, only give it the files you want processed (avoid sending system or credential files), confirm the homepage/owner if provenance matters, and prefer manual review of any exported mappings before sharing them externally. Because the package requests filesystem access in its metadata, treat that as the main risk vector: restrict inputs to project data and do not expose secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk977mtnecae776xfxmt4617ban816g54

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments