Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QMD Search

v1.0.0

Search markdown knowledge bases efficiently using qmd. Use this when searching Obsidian vaults or markdown collections to find relevant content with minimal token usage.

by Anshuman Bhartiya (@anshumanbh)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the instructions: everything is about using the local 'qmd' tool to search markdown collections. Minor note: the skill does not declare 'qmd' as a required binary up front, but the runtime instructions explicitly check for and install it if missing — this is reasonable for an instruction-only skill.
Instruction Scope
Instructions stay within scope (list collections, run qmd search/vsearch/hybrid, present snippets and file paths). They direct the agent to use a 'Read' tool on returned file paths to show content. This is expected for a search/read workflow, but it does grant the agent the ability to read local files, so users should be aware that the agent will access the files they point it at.
Install Mechanism
No install spec in the registry (lowest-risk). SKILL.md includes suggested manual install commands (bun install -g https://github.com/tobi/qmd), which are reasonable guidance for users; the skill itself does not auto-download or execute installers.
Credentials
No environment variables, credentials, or config paths are requested. The skill's needs are proportional to its functionality.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes or elevated privileges. It does not modify other skills or global configs.
Assessment
This skill is a local-search helper for the qmd tool and looks coherent. Before installing/using it: (1) Be prepared that the agent may read local Markdown files and file paths it returns — avoid enabling it on folders containing sensitive data. (2) If you choose to install qmd, verify the GitHub repo (https://github.com/tobi/qmd) yourself before running the provided bun install command. (3) The skill will prompt to run qmd commands and to use a Read tool to show file contents; only allow those actions if you trust the environment and the files it will access.

Like a lobster shell, security has layers — review code before you run it.
