ontology
v1.0.4Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⭐ 484· 153k·1k current·1.1k all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (typed knowledge graph, entity CRUD, relations, planning) match the included SKILL.md and the Python script. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
Runtime instructions explicitly operate on local files (default memory/ontology/graph.jsonl) and provide commands for create/query/relate/validate. The SKILL.md does not instruct reading unrelated system files or contacting external endpoints. It also documents a policy to not store secrets directly (use secret_ref), which aligns with the described purpose.
Install Mechanism
No install spec is provided (instruction-only). The included code is a local Python script; nothing is downloaded or written outside the workspace except the graph file under memory/ontology, which is expected behavior.
Credentials
The skill declares no required environment variables or primary credential. The design explicitly avoids storing secrets directly and expects secret references; that is proportionate for an ontology tool.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill creates/updates a local append-only graph file (memory/ontology/graph.jsonl) which is appropriate for its purpose and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to be a local, file-backed ontology implementation and is coherent with its description. Before installing, consider: 1) it will write and append to memory/ontology/graph.jsonl in your workspace — ensure you are comfortable with that storage location and retention of the append-only history; 2) the code uses a path resolver that restricts operations to the workspace root (a safety feature), but still review scripts/ontology.py yourself if you need stronger guarantees; 3) the schema enforces that secrets should be stored as secret_ref (not inline) — confirm your secret store integration if you plan to reference credentials; 4) because the skill can be invoked by the agent, be aware that the agent could read/write the ontology autonomously (normal behavior) so only enable it if you trust the agent to manage local data. If you want higher assurance, request the full validate_graph implementation (some code was truncated in the provided file) and scan the script for any hidden network calls or subprocess invocations (none were found in the visible code).Like a lobster shell, security has layers — review code before you run it.
latestvk97ffze3zez06e1m81k7nrwn2182qtgz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.