Ontology
v1.0.0Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⭐ 0· 102·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (typed ontology, entity CRUD, graph queries) match the included Python script and SKILL.md workflows. Minor incoherences: skill.yaml advertises Node compatibility and a default ONTOLOGY_PATH of ~/clawd/ontology while the SKILL.md and the Python script default to memory/ontology/graph.jsonl; skill metadata/homepage fields also differ across files. These are likely packaging/documentation issues rather than functional mismatches, but you should confirm which path the agent will actually use.
Instruction Scope
SKILL.md instructs only local operations (create/query/relate/validate) against a local graph file and optional schema. The provided Python CLI implements append-only graph operations and path-resolution that restricts explicit user paths to the workspace root. There are no instructions to read unrelated system files or to send data to external endpoints in the visible code/instructions.
Install Mechanism
No install spec; the skill is instruction-only plus an included Python script. Nothing in the bundle downloads or executes external installers. Risk is limited to running the provided Python script locally.
Credentials
The skill requires no environment variables or credentials. The ontology model references credential references (secret_ref) and explicitly discourages storing secrets directly; the runtime does not request or handle external secret tokens. This is proportionate to the stated purpose.
Persistence & Privilege
The skill persists data locally (append-only JSONL under a workspace path). always:false and no special privileges are requested. Note that appended history can grow unbounded and will remain on disk; also the effective storage location may differ depending on the agent's working directory or configuration (see ONTOLOGY_PATH vs DEFAULT_GRAPH_PATH mismatch).
Assessment
This skill appears to do what it claims: local, file-backed ontology CRUD and queries implemented in Python. Before installing or running it, check these practical points: 1) Confirm which storage path will be used in your environment (SKILL.md/script default: memory/ontology/graph.jsonl; skill.yaml default: ~/clawd/ontology) and adjust ONTOLOGY_PATH if needed. 2) Review the remainder of scripts/ontology.py (the provided excerpt was truncated) to confirm there are no hidden network calls or telemetry. 3) The tool writes append-only history to disk in the agent's workspace — run it in an isolated workspace if you want to avoid mixing with other files, and plan for backups/rotation. 4) Do not store raw secrets in entity properties; follow the skill's credential_secret_ref pattern and integrate a proper secret store if you need to reference credentials. 5) The metadata mismatch (Node compatibility vs Python implementation, differing homepages/owner IDs) looks like packaging/documentation drift — treat it as a non-security issue but verify which runtime the platform will use. If you want higher assurance, ask the maintainer for a full audit of the shipped Python file and a clear statement of the canonical storage path.Like a lobster shell, security has layers — review code before you run it.
latestvk974kmfa3xqanm93gn665g19p983pw78
License
MIT-0
Free to use, modify, and redistribute. No attribution required.