ClawHub

logseq article archive

Security checks across malware telemetry and agentic risk

Overview

This Logseq skill is not malicious, but it can broadly scan and persistently change a user's note graph without clear approval boundaries.

Review before installing. Use it first on a backed-up or test Logseq graph, specify exact folders and operation modes, require a diff or explicit confirmation before any write, and disable answer archiving or web search unless you intentionally want those behaviors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The rules explicitly authorize modifying files in the user's Logseq pages directory and later require broad edits such as adding summaries, titles, links, and standardization across all documents. Without clear consent boundaries, preview/approval steps, or protections for existing content, the skill could overwrite user-authored material, introduce incorrect edits at scale, or corrupt the knowledge base structure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow says valuable answers should be archived as new pages, but it does not warn that user queries and generated outputs may be persisted to disk. This creates a risk of storing sensitive prompts, private data, or hallucinated content without informed consent, potentially causing privacy leakage and long-term retention of incorrect information.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill explicitly allows activation from generic direct questions without requiring a clear command, scope, or confirmation. In a system that can read from and write to a Logseq workspace, this broad trigger increases the chance of unintended invocation and unexpected actions such as indexing, synthesis, or file creation from ordinary conversation.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The workflow repeats that users can ask directly without specifying an operation type, reinforcing ambiguous auto-activation behavior. Because the skill also performs searches, synthesis, archiving, and index updates, a vague trigger can cause the agent to take actions beyond the user's intent, including persistent modifications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that the LLM will create, update, and maintain index files, but it does not clearly warn users that these actions modify files in the Logseq workspace. This lack of disclosure can lead to silent or surprising persistence, accidental overwrites, and undesired changes to a user's knowledge base.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The query feature says valuable answers will be archived as new pages, meaning even ordinary question-answer interactions may create persistent files. Without prominent user opt-in, normal conversational use can unexpectedly change the workspace and accumulate unreviewed content, which is particularly risky in a knowledge-management context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal