ontology-pro
v1.0.1基于文本构建并持续更新知识图谱,支持多步推理和因果分析,输出可执行的最优策略与行动建议。
⭐ 0· 70·0 current·0 all-time
bymingyuan@zmy1006-sudo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (ontology, reasoning, persistent memory) align with the included reference docs and two helper scripts: graph_visualize.py (renders JSON → Mermaid) and memory_manager.py (create/load/update/query JSON graphs). Everything requested (no credentials, no external services) matches the stated capability. Minor inconsistency: documentation refers to workspace paths like {workspace}/.workbuddy/ontology/... while the code's DEFAULT_BASE_DIR writes to the user's home (~/.ontology-pro/graphs). This mismatch is likely a documentation vs implementation oversight but worth noting.
Instruction Scope
SKILL.md instructs the agent to persist and load knowledge graphs across sessions and to inject graph summaries into prompts for reasoning. The instructions do not ask the agent to read arbitrary system files or environment variables beyond the skill's own storage. However, the skill will read/write files in user directories (see memory and index file locations) and automatically load graph context when triggered by fairly broad keywords—this increases privacy exposure of any text the agent stores in graphs.
Install Mechanism
This is instruction-only with two included Python scripts. There is no install spec, no downloads from external URLs, and no package installs declared. Risk from install mechanism is low because nothing is fetched or executed automatically by an installer; scripts run only if invoked.
Credentials
The skill requests no environment variables, no credentials, and does not declare any external endpoints. That is proportionate for a local knowledge-graph/memory manager. No secret exfiltration indicators are present in the code.
Persistence & Privilege
The skill persists knowledge graphs to disk and supports cross-session indexing, merging, cleanup and automated decay rules (described in docs). It does not request elevated platform privileges nor set always:true. The main consideration: it will create and update files under user directories (code defaults to ~/.ontology-pro/graphs; docs mention .workbuddy/ontology), so stored content could contain sensitive user data if the agent is asked to 'remember' such information.
Assessment
What to consider before installing/using this skill:
- Persistent storage: The skill writes/reads graph files on disk (code defaults to ~/.ontology-pro/graphs). The documentation also references a different path (.workbuddy/ontology). Confirm which path will be used and where data will be stored, especially if you handle sensitive information.
- Privacy: Any text you ask the agent to 'remember' may be persisted indefinitely in those JSON graph files. If you plan to include sensitive content, use an isolated environment, or avoid the memory/save commands.
- Auto-loading triggers: The skill is designed to be auto-loaded for broad keywords (ontology, knowledge graph, reasoning, etc.). If you want tighter control, disable automatic invocation or require explicit user invocation in the agent settings.
- Review scripts before running: The two included scripts operate locally and appear to only manipulate JSON files and generate Mermaid text. If you want absolute certainty, inspect/execute them in a sandbox to verify they behave as expected.
- Backups and cleanup: Because the skill supports long-lived memory, consider configuring a backup/retention policy and periodically review stored graphs. If you find the docs and code disagree on storage paths, update or patch the skill to use the location you prefer.
Overall: the skill appears coherent and implements what it promises, but treat its persistent-memory feature as the main risk vector and control storage location and invocation policy accordingly.Like a lobster shell, security has layers — review code before you run it.
latestvk970sja4dwkt0rhhctx3wky7bh83yabs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.