Skill v1.0.0

ClawScan security

Ontology 1.0.4 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 8:03 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally coherent with its stated purpose (a local typed knowledge graph) and does not request credentials or network access, but there are a few implementation issues you should review before use.
Guidance
This skill appears to implement a local ontology/knowledge-graph and is coherent with its description. Before installing and using it:

1) Run it in an isolated workspace (the default graph path is memory/ontology/graph.jsonl) to limit file writes.
2) Review scripts/ontology.py yourself: there is a resolve_safe_path helper, but other file I/O functions (load_graph/append_op) do not enforce it, so if you or an automation pass an arbitrary path you could write outside the workspace.
3) Follow the schema guidance to store secrets via secret references (secret_ref) rather than embedding secrets.
4) If you need stronger safety, modify the script to apply resolve_safe_path to all file-path inputs or restrict CLI/path inputs to the workspace.

Overall the package looks benign but has small implementation hygiene issues worth fixing before broad use.

Review Dimensions

Purpose & Capability: ok
Name/description (typed knowledge graph / structured memory) matches the provided SKILL.md and the included Python script which implements create/query/relate/validate operations. No unrelated credentials, binaries, or external services are required.
Instruction Scope: note
SKILL.md instructs the agent to read/write a local append-only graph file (memory/ontology/graph.jsonl) and to use the included CLI. The instructions stay within the stated domain (entity CRUD, relations, queries). They mention document paths and secret references (secret_ref) but do not instruct reading arbitrary system files or exfiltrating data.
Install Mechanism: ok
No install spec (instruction-only) and the included script is pure Python with no network/download steps. This is low risk from an installation/execution perspective.
Credentials: ok
The skill requires no environment variables, no credentials, and asks the user to store secrets by reference rather than directly. The requested environment access is proportionate to a local ontology tool.
Persistence & Privilege: ok
It is not always-enabled and does not request elevated platform privileges. It writes only to workspace-local storage by default and does not modify other skills or global agent settings.