SlipBot Logseq Importer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: slipbot-logseq-importer Version: 1.0.0 The skill is designed to parse user-provided Logseq content and then 'invoke slipbot workflow' for each extracted bullet. The instructions state 'Let slipbot handle: filename, tags, links, graph update,' implying that the `slipbot` component will perform sensitive operations like file creation or database updates using user-derived content. While the `SKILL.md` itself does not contain explicit malicious instructions, this pattern introduces a significant vulnerability risk (e.g., shell injection, command injection) if the `slipbot` integration or the agent's input sanitization is insufficient, as user input is processed and passed to another system for execution of sensitive actions. This potential for indirect exploitation makes it suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can create many new notes and update the slipbox graph.
The skill delegates note creation and graph updates to another workflow. This is purpose-aligned, but it means the user should expect actual changes to their slipbox.
For each bullet, invoke slipbot workflow: ... Let slipbot handle: filename, tags, links, graph update
Review the precheck summary and note count carefully before confirming the import.
Imported content becomes part of the user's slipbox and may affect future knowledge-base use.
The skill persists user-provided content into a knowledge base, where it may influence future note retrieval, tagging, linking, or graph context.
Parse a Logseq page and create individual slipbox entries for each bullet point.
Only import content you want stored in the slipbox, and confirm that parsed bullets look correct before proceeding.