Ontology 1
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a local knowledge-graph memory tool with no evidence of hidden network access or exfiltration, but it does persist shared data that users should treat carefully.
Install this if you want a local structured memory graph. Treat memory/ontology as a persistent notebook: review it periodically, avoid storing secrets or unnecessary personal details, and verify the publisher metadata mismatch if provenance matters to you.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information the agent remembers may persist across sessions and be reused later; append-only history can retain older facts.
The skill intentionally stores persistent, shared ontology memory. That is aligned with its purpose, but the graph can contain sensitive remembered facts and influence later work by the same or other skills.
Default: `memory/ontology/graph.jsonl` ... `append/merge changes instead of overwriting files. This preserves history` ... `Skill needs shared state | Read/write ontology objects`
Avoid storing passwords, tokens, or unnecessarily sensitive personal data; periodically review the ontology files; and use the documented secret_ref pattern rather than storing secrets directly.
It may be harder to confirm who published or maintains the skill.
The bundled _meta.json lists a different ownerId and slug, so the package identity does not fully match the registry metadata. This is a provenance note, not evidence of malicious runtime behavior.
Owner ID: kn78z2r5cyehmh21zf92vg3v6s8252qd; Slug: ontology-1; Source: unknown; Homepage: none
Verify that the registry entry and bundled metadata are expected before relying on this skill for persistent memory.