v1.0.0

Personal Ontology

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

The skill is coherent and not malicious, but it asks the agent to scan and reuse broad personal notes over time, so users should review privacy and automation boundaries before installing.

Guidance: Install only if you are comfortable with the assistant reading personal notes to build a local ontology. Before using it, set a narrow approved notes path, exclude sensitive files, require review before any ontology updates, and avoid enabling daily or cron-based scans unless you understand how to stop them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Automated Mode: Passive scanning and maintenance without user prompting. - Daily scan for new/changed Objects ... These can be implemented via scheduled prompts (cron) that read the ontology files + the user's task board/journal + the nudge state file.

The runtime instructions describe recurring autonomous maintenance and scheduled prompts that read personal data, but the artifacts do not clearly define opt-in, stop conditions, exclusions, or retention boundaries.

User impact: The assistant could continue checking personal notes, task boards, and journals as part of ongoing ontology maintenance unless the user explicitly limits or disables that workflow.
Recommendation: Enable daily or scheduled scans only after explicit opt-in, document how to disable them, and keep any cron or automation limited to a specific approved folder.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
bootstrap.md
Target Locations ... Journal/daily notes ... Drafts and rough notes ... Archived/old notes ... Default output: `[User's Notes Folder]/Ontology_Suggestions.md` ... `Quote: "[exact text]"`

The skill instructs the agent to scan broad personal note sources and persist extracted quotes and sources into a suggestions file, creating reusable personal context from potentially sensitive journals, drafts, and archives.

User impact: Private thoughts, beliefs, goals, and exact quotations from notes may be copied into persistent ontology files and later used by the assistant when helping with decisions.
Recommendation: Use a narrow notes folder, exclude sensitive journals or private files, review every extracted item before saving it, and periodically delete stale suggestions or ontology entries.