Alibaba’s AgentScope team shipped a personal AI assistant that scans your skills for malware before they run. I spent a week trying to get past it. Here is exactly where it held — and the one place it didn’t.
Here is the number that made me re-run the whole test: across 18 real personal-assistant tasks, I deliberately planted 6 attacks pulled straight from this year’s documented agent-skill threat reports. QwenPaw’s built-in guards blocked 5 of them before a single line executed. The 6th got through — and the way it got through is the most useful thing I learned all week.
QwenPaw is the personal AI assistant from Alibaba’s AgentScope team. It hit GitHub as “CoPaw,” was renamed to QwenPaw — Qwen Personal Agent Workstation — on April 12, 2026, and pushed v1.1.7 on May 14. It sits at 15.8K stars, 2.2K forks, Apache 2.0. You install it with pip install qwenpaw, it runs entirely on your machine, and it talks to you through DingTalk, Feishu, WeChat, Discord, or Telegram. On the surface it is one more entry in a crowded field of “run an agent that does your chores” projects.
The thing that made me stop scrolling was the security section of the README. Most personal-agent projects treat security as a paragraph of disclaimers. QwenPaw ships…
