Skip to content
OntoSkills

OntoCore Compiler

ontocore is the optional compiler that turns SKILL.md sources into validated OWL 2 ontology modules.

Most users don’t need it — you only need OntoCore if you want to:

  • Write custom skills from source
  • Import and compile raw skill repositories
  • Develop and test skills locally

Installation

Terminal window
ontoskills install core

This creates a managed compiler runtime under:

~/.ontoskills/core/

Requirements:

  • Python 3.10+
  • Anthropic API key (set ANTHROPIC_API_KEY env var)

The compilation pipeline

SKILL.md → [Extract] → [Security] → [Serialize] → [SHACL] → ontoskill.ttl
StageWhat Happens
ExtractClaude reads SKILL.md and extracts structured knowledge
SecurityRegex + LLM review for malicious content
SerializePydantic models → RDF triples
ValidateSHACL shapes check logical validity
WriteAtomic write with backup

If any stage fails, the skill is not written. The SHACL gatekeeper enforces constitutional rules.

File processing rules

OntoCore processes files based on their type:

RuleInputOutputProcessing
ASKILL.mdontoskill.ttlLLM compilation
B*.md (auxiliary)*.ttlLLM compilation as sub-skill
COther filesDirect copyAsset (images, etc.)

Directory mirroring

The output structure mirrors the input:

skills/                          →    ontoskills/
├── office/                      →    ├── office/
│   ├── SKILL.md                 →    │   ├── ontoskill.ttl
│   ├── planning.md              →    │   ├── planning.ttl
│   └── review.md                →    │   └── review.ttl
└── pdf/                         →    └── pdf/
    ├── SKILL.md                 →        ├── ontoskill.ttl
    └── diagram.png              →        └── diagram.png

Sub-skills

Auxiliary .md files in a skill directory become sub-skills:

  • They automatically extend the parent skill
  • They inherit parent context during extraction
  • They get qualified IDs: package/parent/child

CLI commands

Initialize core ontology

Terminal window
ontoskills init-core

Creates core.ttl with the base TBox ontology (classes, properties, state definitions).

Compile skills

Terminal window
# Compile all skills in skills/
ontoskills compile


# Compile a specific skill
ontoskills compile office


# Compile with options
ontoskills compile --force          # Bypass cache
ontoskills compile --dry-run        # Preview without saving
ontoskills compile --skip-security  # Skip LLM security review
ontoskills compile -v               # Verbose logging
OptionDescription
-i, --inputInput directory (default: skills/)
-o, --outputOutput directory (default: ontoskills/)
--dry-runPreview without saving
--skip-securitySkip LLM security review (regex checks still run)
-f, --forceForce recompilation (bypass cache)
-y, --yesSkip confirmation prompts
-v, --verboseEnable debug logging
-q, --quietSuppress progress output

Query the graph

Terminal window
ontoskills query "SELECT ?s WHERE { ?s a oc:Skill }"

Runs SPARQL queries against the compiled ontology.

Inspect quality

Terminal window
# List all compiled skills
ontoskills list-skills


# Run security audit
ontoskills security-audit

Output structure

After compilation:

ontoskills/
├── core.ttl      # Core TBox (shared classes/properties)
├── index.ttl                # Manifest with owl:imports
├── system/
│   └── index.enabled.ttl    # Skills enabled for MCP
└── <skill-path>/
    └── ontoskill.ttl        # Individual skill module

The core ontology

The core ontology (core.ttl) is the shared TBox that all skill modules reference via owl:imports. It is:

  • Served online at https://ontoskills.sh/ontology/core.ttl
  • Downloaded automatically by ontoskills install mcp into ~/.ontoskills/ontologies/core.ttl
  • Regenerated locally by ontoskills init-core or ontoskills compile when developing

Compiled skill modules reference the core via owl:imports <https://ontoskills.sh/ontology/core.ttl>. The MCP resolves this to the local copy in your ontology root.

core.ttl defines:

  • oc:Skill, oc:ExecutableSkill, oc:DeclarativeSkill
  • Properties: dependsOn, extends, contradicts, resolvesIntent, etc.
  • Knowledge node classes: oc:Heuristic, oc:AntiPattern, etc.
  • State classes for preconditions/postconditions

The index

index.ttl is a manifest that:

  • Lists all compiled skills
  • References the core ontology via owl:imports <https://ontoskills.sh/ontology/core.ttl>
  • Used by OntoMCP to discover available skills

Caching

OntoCore is cache-aware:

  • Each skill has a content hash stored in oc:contentHash
  • Unchanged skills are skipped on recompilation
  • Use --force to bypass cache

Security pipeline

The compiler runs a defense-in-depth security check:

  1. Unicode normalization — NFC normalization, zero-width character removal
  2. Regex patterns — Detects prompt injection, command injection, path traversal, credential exposure
  3. LLM review — Claude reviews flagged content for nuanced threats

Detected threat types:

  • Prompt injection (ignore instructions, system:, you are now)
  • Command injection (; rm, | bash, command substitution)
  • Data exfiltration (curl -d, wget --data with credentials)
  • Path traversal (../../../, /etc/passwd)
  • Credential exposure (hardcoded api_key=, password=)

Use --skip-security to bypass LLM review (regex checks still run).

SHACL validation

Every skill must pass SHACL validation before being written. The constitutional shapes are defined in core/specs/ontoskills.shacl.ttl and enforce constraints across 6 node shapes.

Required fields (blocking):

ConstraintRule
resolvesIntentRequired (at least 1)
generatedByRequired (exactly 1)
requiresStateMust be valid IRI
yieldsStateMust be valid IRI
handlesFailureMust be valid IRI

Type-specific rules:

  • ExecutableSkill must have exactly 1 hasPayload (with code or executionPath)
  • DeclarativeSkill must not have hasPayload

If validation fails, the skill is not written and an error is shown.

See Skill Authoring for practical guidance on writing skills that pass validation.

Error handling

ErrorCauseSolution
SkillNotFoundErrorSkill directory doesn’t existCheck path spelling
OrphanSubSkillsError.md files without parent SKILL.mdCreate SKILL.md in directory
SecurityErrorContent blocked by security pipelineReview content, use --skip-security if safe
OntologyValidationErrorSHACL validation failedFix reported constraint violations
ExtractionErrorLLM extraction failedCheck ANTHROPIC_API_KEY, retry

Environment variables

VariableDescriptionDefault
ANTHROPIC_API_KEYAnthropic API keyRequired
ANTHROPIC_BASE_URLAPI base URLhttps://api.anthropic.com
SECURITY_MODELModel for security reviewclaude-opus-4-6

Next steps