Ghost Catalog - Semantic File Organization
v0.0.1Scan, tag, validate, and catalog files using the Ghost Catalog semantic file header system (SOM-XXX-NNNN-vX.X.X). Use when: discovering untagged files, onboa...
⭐ 0· 265·0 current·0 all-time
bySoMaCo@somacosf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (semantic file header catalog) aligns with the provided instructions, templates, and SQLite schema. All declared artifacts (header templates, category codes, DB schema) are directly relevant to scanning, tagging, validating, searching, and reporting on project files.
Instruction Scope
The SKILL.md instructs the agent to read the workspace, parse .gitignore/.ghost_ignore, read and sometimes modify files (prepending headers), and create/update data/ghost-catalog.db. These actions are appropriate for the stated purpose but do involve filesystem writes and modifications to source files — the skill states it will show previews and ask for confirmation when tagging multiple files, which mitigates risk. Users should expect file modifications and may want backups or version control diffs before running tag operations.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. Lowest install risk — nothing is downloaded or written by an installer. Runtime behavior is limited to local file I/O and SQLite DB writes as described in the docs.
Credentials
No environment variables, credentials, or external endpoints are requested. The SQLite DB and agent_registry are internal to the project workspace and are proportionate to the cataloging task. No surprising secrets or cross-service credentials are required.
Persistence & Privilege
The skill is user-invocable and permits model invocation (disable-model-invocation: false), which is the platform default and not, by itself, a problem. The skill writes a local DB (data/ghost-catalog.db) and can modify project files by prepending headers; that persistence is consistent with its function but means it requires filesystem write permission in the workspace. It is not force-enabled (always: false).
Scan Findings in Context
[no_code_files_to_scan] expected: This is an instruction-only skill with documentation and SKILL.md; the regex scanner had no code files to analyze, which is expected for a docs-only skill.
Assessment
This skill appears coherent and does what it says: it scans your workspace, maintains a local SQLite catalog at data/ghost-catalog.db, and can prepend semantic headers to files. Before using it: (1) ensure your repository is under version control or make a backup, because tagging modifies files; (2) review or create a .ghost_ignore to prevent the skill from touching sensitive files (credentials, configs, or data you don't want cataloged); (3) expect a preview and confirmation step for bulk tagging, but verify that behavior in your environment; (4) note the skill runs locally and does not require external credentials or downloads. If you want to be extra cautious, run scans first (no file writes) to inspect results before allowing any tagging operation.Like a lobster shell, security has layers — review code before you run it.
latestvk97b956eqb9qrvrv2txvndk1bn8240hs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.