Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
Security Analysis
high confidenceThe skill is internally consistent: it implements a local, file-based typed knowledge graph (ontology) and does not request extra credentials, network access, or unusual installs.
Name/description (typed knowledge graph, entity CRUD, relations, planning) match the included SKILL.md and the Python script. There are no unrelated required env vars, binaries, or config paths.
Runtime instructions explicitly operate on local files (default memory/ontology/graph.jsonl) and provide commands for create/query/relate/validate. The SKILL.md does not instruct reading unrelated system files or contacting external endpoints. It also documents a policy to not store secrets directly (use secret_ref), which aligns with the described purpose.
No install spec is provided (instruction-only). The included code is a local Python script; nothing is downloaded or written outside the workspace except the graph file under memory/ontology, which is expected behavior.
The skill declares no required environment variables or primary credential. The design explicitly avoids storing secrets directly and expects secret references; that is proportionate for an ontology tool.
always is false and model invocation is allowed (platform default). The skill creates/updates a local append-only graph file (memory/ontology/graph.jsonl) which is appropriate for its purpose and does not modify other skills or system-wide agent settings.
Guidance
This skill appears to be a local, file-backed ontology implementation and is coherent with its description. Before installing, consider: 1) it will write and append to memory/ontology/graph.jsonl in your workspace — ensure you are comfortable with that storage location and retention of the append-only history; 2) the code uses a path resolver that restricts operations to the workspace root (a safety feature), but still review scripts/ontology.py yourself if you need stronger guarantees; 3) the schema enforces that secrets should be stored as secret_ref (not inline) — confirm your secret store integration if you plan to reference credentials; 4) because the skill can be invoked by the agent, be aware that the agent could read/write the ontology autonomously (normal behavior) so only enable it if you trust the agent to manage local data. If you want higher assurance, request the full validate_graph implementation (some code was truncated in the provided file) and scan the script for any hidden network calls or subprocess invocations (none were found in the visible code).
Latest Release
v1.0.4
- Initial release of the ontology skill for typed, constraint-validated knowledge graphs. - Supports entity and relation CRUD, property and relation validation, and graph traversal for common types such as Person, Project, Task, Event, and Document. - Provides schema-driven constraints including required properties, enums, forbidden fields, cardinality, and acyclicity. - Enables multi-step planning and shared memory across skills via structured ontology objects. - Includes CLI tooling for creating, querying, linking, and validating graph data using JSONL storage.
More by @oswalpalash
Published by @oswalpalash on ClawHub
