v1.0.0

zqtest

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:35 AM.

Analysis

This looks like a local ontology memory tool, but it needs review because its documentation promises enforced validation and secret-protection that the visible write helper does not appear to enforce.

Guidance: Review before installing. If you use it, keep the ontology store in a trusted workspace, do not store raw passwords or tokens, remember that append-only history may retain past data, and require schema validation to run before writes rather than relying only on the documentation's safety claims.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
scripts/ontology.py
    def create_entity(...):
        entity = {"id": entity_id, "type": type_name, "properties": properties, ...}
        record = {"op": "create", "entity": entity, ...}
        append_op(graph_path, record)

The visible create path accepts arbitrary properties and appends them to storage without any visible check. In context, SKILL.md claims 'Every mutation is validated against type constraints before committing' and defines forbidden credential properties, so users or agents may overtrust validation that is not evident in the write helper.

User impact: Invalid records or sensitive fields could be written to the graph despite the documentation implying that constraints prevent this.
Recommendation: Treat validation as manual unless the script is updated to enforce schema checks before every create, update, delete, and relate operation; avoid storing raw secrets.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
_meta.json
{"ownerId": "kn72dv4fm7ss7swbq47nnpad9x7zy2jh", "slug": "ontology", "version": "1.0.4"}

The package-internal metadata differs from the registry metadata shown for this evaluation, which lists owner kn75a5r3vfnrs608hxn6hqbkwn834s6p, slug zqtest, and version 1.0.0. This is a provenance inconsistency, although the included files otherwise align with the ontology purpose.

User impact: It may be harder to verify which package, version, or owner the installed artifact came from.
Recommendation: Confirm the publisher and intended package identity before installing, and prefer artifacts whose registry metadata matches their bundled metadata.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Default: `memory/ontology/graph.jsonl` ... `Skill needs shared state | Read/write ontology objects` ... `Person: { name, email?, phone?, notes? }` ... `Message: { content, sender, recipients[], thread? }`

The skill intentionally creates a persistent shared memory graph that can contain personal and communication data. This is central to the stated purpose, but it means stored entries may be reused by future tasks or other skills.

User impact: Personal or work information placed in the ontology may persist and influence later agent behavior.
Recommendation: Use it only in trusted workspaces, review what is stored in memory/ontology, and avoid placing secrets or highly sensitive content in the graph.