Ontology 1
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ontology-1 Version: 1.0.4 The 'ontology' skill bundle provides a structured knowledge graph system for agent memory with robust security-conscious design. The core script (scripts/ontology.py) includes path traversal protection via a path resolution utility and explicitly implements validation logic to forbid the storage of sensitive credentials like passwords or tokens. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the instructions and code are strictly aligned with the stated purpose of managing entities and relations.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information the agent remembers may persist across sessions and be reused later; append-only history can retain older facts.
The skill intentionally stores persistent, shared ontology memory. That is aligned with its purpose, but the graph can contain sensitive remembered facts and influence later work by the same or other skills.
Default: `memory/ontology/graph.jsonl` ... `append/merge changes instead of overwriting files. This preserves history` ... `Skill needs shared state | Read/write ontology objects`
Avoid storing passwords, tokens, or unnecessarily sensitive personal data; periodically review the ontology files; and use the documented secret_ref pattern rather than storing secrets directly.
It may be harder to confirm who published or maintains the skill.
The bundled _meta.json lists a different ownerId and slug, so the package identity does not fully match the registry metadata. This is a provenance note, not evidence of malicious runtime behavior.
Owner ID: kn78z2r5cyehmh21zf92vg3v6s8252qd; Slug: ontology-1; Source: unknown; Homepage: none
Verify that the registry entry and bundled metadata are expected before relying on this skill for persistent memory.