Logseq

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: logseq
Version: 1.0.0

This skill is classified as suspicious due to the documentation of high-risk capabilities within the Logseq Plugin API, specifically `logseq.Git.execCommand` and `logseq.Assets.listFilesOfCurrentGraph` in `SKILL.md` and `references/api-reference.md`. While the skill bundle itself does not contain explicit malicious instructions or prompt injection attempts, these documented APIs allow the AI agent to execute arbitrary git commands and list local files within the Logseq graph's directory. These capabilities, if exploited by a malicious user prompt, could lead to unauthorized file system interaction or information disclosure, even though they are presented as legitimate features of the Logseq API.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user creates this bridge and it is reachable, an agent or other caller could potentially read, edit, move, or delete Logseq content beyond the intended task.

Why it was flagged

The bridge example dynamically forwards caller-controlled namespace, method, and arguments to the Logseq API. The shown snippet does not include an allowlist, authentication check, or confirmation step before invoking API methods.

Skill content

async call({ method, namespace, args }) { const proxy = logseq[namespace]; ... return await proxy[method](...args); } ... // Listen on HTTP or expose IPC

Recommendation

Use a localhost-only bridge with an auth token, a small allowlist of approved methods, and explicit confirmation for writes, deletes, bulk moves, and Git-related actions.

What this means

Private notes may be surfaced to the agent or chat context, and edits made through the API can persist in the user’s knowledge base.

Why it was flagged

A Logseq graph often contains private notes, tasks, journals, and long-lived user context. Reading and writing that graph is purpose-aligned, but it is sensitive and persistent.

Skill content

This skill enables reading, writing, querying, and automating workflows in your Logseq graph.

Recommendation

Limit requests to the needed pages or blocks, avoid storing secrets in pages the agent may query, review proposed edits, and keep backups before bulk changes.

What this means

Installing packages or custom plugins gives additional code access to the user’s local Logseq/Node environment.

Why it was flagged

The skill itself is instruction-only, but its setup guidance includes installing an external npm package or creating a bridge plugin, which introduces external code provenance considerations.

Skill content

Option 2: Node.js Script with @logseq/libs ... npm install @logseq/libs

Recommendation

Install only from trusted sources, prefer official Logseq libraries, pin versions where practical, and inspect any bridge plugin before enabling it.