Skill v0.1.0
ClawScan security
Qmd · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 7:37 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions align with its stated purpose (local markdown search); it asks to run the qmd binary, index local files, and may download local models — all expected for this functionality.
- Guidance
- This skill appears coherent and implements a local markdown search: it will read and index whatever files you point it at (so avoid indexing secrets), and it may download and store local model files (GGUF) to ~/.cache/qmd/models/ and load them into memory for semantic search which can be slow and resource-heavy. Installing qmd as suggested (bun install -g from GitHub) will execute third-party code — review the upstream repository before installing. If you plan to automate indexing (cron or agent scheduler), restrict the collection paths and run with a user account with limited privileges. If you have sensitive notes, either exclude those paths or run qmd in a sandboxed environment. Overall the skill is internally consistent with its stated purpose, but verify the upstream qmd project and its model-download/network behavior before installing.
Review Dimensions
- Purpose & Capability
- ok: Name/description (local hybrid search for markdown) match the declared requirement (qmd binary) and the SKILL.md commands (qmd search, vsearch, query, embed, update, etc.). There are no unrelated credentials, binaries, or config paths requested.
- Instruction Scope
- note: Instructions direct the agent to run qmd commands and to index and read user-specified markdown files (e.g., qmd collection add /path/to/notes). This is expected for a local search tool. SKILL.md also states that qmd will auto-download GGUF models to ~/.cache/qmd/models/ and may load local LLMs for semantic search (vsearch/query), which implies network downloads, substantial disk usage, and high memory when models are loaded — an expected but important side effect to be aware of.
- Install Mechanism
- note: The skill is instruction-only (no packaged install spec in the registry), but SKILL.md suggests installing qmd via Bun (bun install -g https://github.com/tobi/qmd). Installing from a public GitHub repo via Bun is a common pattern but carries the usual moderate risk of executing third-party code from upstream; the instruction is not using obscure hosts or shorteners. Registry/metadata mismatch: the registry lists no install spec while SKILL.md contains install instructions — benign but slightly inconsistent.
- Credentials
- ok: The skill requests no credentials or special env vars. It mentions PATH and XDG_CACHE_HOME only for practical setup and cache override. No disproportionate secret access is requested.
- Persistence & Privilege
- ok: The always flag is false and the skill does not request persistent/global agent privileges. SKILL.md suggests optionally running recurring index/embed jobs (cron) — this is user-controlled and not enforced by the skill. The skill does not modify other skills or agent-wide config.
