Back to skill

Security audit

Logseq

Security checks across malware telemetry and agentic risk

Overview

This documentation-only Logseq skill is not malware, but its sample bridge can expose broad access to your local notes without enough safeguards.

Install only if you intend to let an agent automate your local Logseq graph. If you build the bridge, keep it localhost-only, require an auth token, allowlist only the exact methods you need, confirm deletes and bulk changes, restrict Git commands, and keep backups or version control enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly documents create, update, and delete capabilities against the user's local Logseq graph but does not warn that these actions can permanently modify or remove notes. In an agent setting, that omission is security-relevant because a model may invoke destructive operations without clear user confirmation, risking integrity loss of personal knowledge data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The bridge-plugin example encourages exposing Logseq API methods over HTTP without discussing authentication, binding restrictions, origin checks, or the sensitivity of graph contents. If implemented as described, other local processes—or in some configurations remote clients—could read, modify, or delete notes and potentially trigger additional actions through the exposed API.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
These examples demonstrate page and block creation, updates, moves, and task completion directly against a live local Logseq graph without an explicit warning that they mutate user data. In a skill intended for automation against a local knowledge base, omission of safety guidance can lead users or downstream agents to run destructive or irreversible operations on real notes unintentionally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The automation workflows perform bulk content modification and reorganization, including moving completed tasks to archive pages and auto-tagging pages, again without explicit warnings, safeguards, or rollback guidance. In context, these examples are more dangerous than simple CRUD snippets because they operate across many pages/blocks and can silently alter large portions of a user's graph if copied into an agent or plugin.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.