Logseq

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a local Logseq automation guide, but its example bridge could give broad read/write/delete access to your notes if exposed without safeguards.

Use this only if you are comfortable letting an agent interact with your local Logseq graph. Keep any bridge bound to localhost, add authentication and method allowlists, confirm destructive or bulk edits, and back up your graph before automation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user creates this bridge and it is reachable, an agent or other caller could potentially read, edit, move, or delete Logseq content beyond the intended task.

Why it was flagged

The bridge example dynamically forwards caller-controlled namespace, method, and arguments to the Logseq API. The shown snippet does not include an allowlist, authentication check, or confirmation step before invoking API methods.

Skill content

    async call({ method, namespace, args }) {
      const proxy = logseq[namespace];
      ...
      return await proxy[method](...args);
    }
    ...
    // Listen on HTTP or expose IPC

Recommendation

Use a localhost-only bridge with an auth token, a small allowlist of approved methods, and explicit confirmation for writes, deletes, bulk moves, and Git-related actions.

What this means

Private notes may be surfaced to the agent or chat context, and edits made through the API can persist in the user’s knowledge base.

Why it was flagged

A Logseq graph often contains private notes, tasks, journals, and long-lived user context. Reading and writing that graph is purpose-aligned, but it is sensitive and persistent.

Skill content

This skill enables reading, writing, querying, and automating workflows in your Logseq graph.

Recommendation

Limit requests to the needed pages or blocks, avoid storing secrets in pages the agent may query, review proposed edits, and keep backups before bulk changes.

What this means

Installing packages or custom plugins gives additional code access to the user’s local Logseq/Node environment.

Why it was flagged

The skill itself is instruction-only, but its setup guidance includes installing an external npm package or creating a bridge plugin, which introduces external code provenance considerations.

Skill content

Option 2: Node.js Script with @logseq/libs ... npm install @logseq/libs

Recommendation

Install only from trusted sources, prefer official Logseq libraries, pin versions where practical, and inspect any bridge plugin before enabling it.