Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QMD Memory

v1.0.0

Enables local hybrid memory search and embedding using QMD to reduce API costs by $50-300/month with automatic setup, smart indexing, and multi-agent sharing.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (local QMD memory to reduce API spend) aligns with the included scripts and SKILL.md: setup installs QMD via npm, creates collections from your workspace, runs qmd update/embed, and can start an MCP server. However skill.json references a script (scripts/add-collection.sh) that is not present in the file manifest — this is an incoherence. The skill also declares no required env vars but relies on OPENCLAW_WORKSPACE if present.
Instruction Scope (!)
SKILL.md and scripts scan and index files under your workspace (default ~/.openclaw/workspace or OPENCLAW_WORKSPACE). Indexing 'workspace' is expected for a memory tool but can capture sensitive files (agent config, tokens, snippets containing credentials). The setup script will add collections for any matching directories and runs qmd embed (which processes local files). SKILL.md also shows a cron example for nightly updates, but the scripts do not actually install cron jobs — that's a documentation mismatch.
Install Mechanism
There is no package-level install spec; instead the setup script runs 'npm install -g @tobilu/qmd' at runtime. Installing a global npm package is common but downloads and runs third-party code (and that package will perform model downloads). The models (~2GB) are auto-downloaded by QMD from unspecified hosts. This is a moderate install risk because network downloads occur at setup time and code is fetched from the npm registry rather than a pinned, auditable release included in the skill bundle.
Credentials (!)
The skill declares no required env vars or credentials, which is appropriate, but the setup script reads OPENCLAW_WORKSPACE (undeclared) and will scan that path and create collections. That means the skill may read and index any files under your workspace (including secrets stored in docs or config). It does not request external API keys (good), but the behavior of indexing arbitrary workspace files is a privacy risk and should be intentional and visible to the user.
Persistence & Privilege
always:false and default autonomous invocation are normal. The skill does not request permanent platform-level privileges or modify other skills. It can start a local MCP HTTP server (qmd mcp --http --daemon) which may accept connections; the script claims localhost:8181 but does not explicitly bind/address-check. The skill also writes to ~/.cache/qmd (models, index, pid) — expected for a local search tool.
What to consider before installing
This skill appears to implement a local QMD-based memory integration, but check these items before installing:
1) Confirm the upstream source/repository and review the npm package @tobilu/qmd (the setup script installs it globally).
2) Understand that setup will scan and index your workspace (OPENCLAW_WORKSPACE or ~/.openclaw/workspace) — review your workspace for any files you don't want indexed (API keys, credentials, private notes) or run setup in a safe/test workspace first.
3) The skill auto-downloads ~2GB of models via QMD — ensure you have disk space and bandwidth, and verify where models come from.
4) There is a manifest inconsistency: skill.json references scripts/add-collection.sh which is missing — ask the author or inspect the package you install.
5) The serve command launches an HTTP MCP server; verify it binds only to localhost and secure access if you enable multi-agent sharing.
6) Prefer running the setup script contents manually (or inspect it line-by-line) rather than blindly executing as root.
If you cannot verify the upstream repo or package code, treat installation as higher risk.
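An added example (not part of the skill or of the scan output): a pre-setup audit that lists Markdown files under the workspace containing credential-like strings, so they can be moved or redacted before setup indexes and embeds them. The function names and the regex are assumptions made for illustration; only *.md files are checked, matching the collection globs shown in SKILL.md.

```shell
#!/usr/bin/env bash
# Added example: audit the workspace before `openclaw skill run qmd-memory setup`.

# Workspace path as the scan describes it: OPENCLAW_WORKSPACE if set,
# otherwise the default ~/.openclaw/workspace.
workspace_root() {
  printf '%s\n' "${OPENCLAW_WORKSPACE:-$HOME/.openclaw/workspace}"
}

# Constructed patterns (assumption, tune for your environment): AWS-style
# access key IDs, PEM private-key headers, and "name = value" style secrets.
SECRET_RE='(AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(api[_-]?key|secret|token|password)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,})'

# Print "path:line" for every hit in a Markdown file under $1.
# The matched text itself is cut away so the audit output never repeats a secret.
# Limitation: paths containing ':' are truncated by the cut step.
audit_workspace() {
  local root="$1"
  [ -d "$root" ] || { echo "no such workspace: $root" >&2; return 2; }
  find "$root" -type f -name '*.md' \
       -exec grep -EniH -e "$SECRET_RE" {} + 2>/dev/null |
    cut -d: -f1,2 | sort -u
}

# Return 0 when nothing was flagged, 1 when hits exist (listed on stderr),
# 2 when the workspace directory is missing. Usable as a gate:
#   workspace_is_clean "$(workspace_root)" && openclaw skill run qmd-memory setup
workspace_is_clean() {
  local hits
  hits="$(audit_workspace "$1")" || return 2
  [ -z "$hits" ] || { printf '%s\n' "$hits" >&2; return 1; }
}
```

A clean result only means none of these patterns matched; it does not prove the workspace is free of sensitive content.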

Like a lobster shell, security has layers — review code before you run it.

latestvk970fmmwwc6nnkv56w07e9ywp1821b3h


SKILL.md

QMD Memory Skill for OpenClaw

Local Hybrid Search — Save $50-300/month in API Costs

Author: As Above Technologies
Version: 1.0.0
ClawHub: [Coming Soon]


💰 THE VALUE PROPOSITION

API Costs You're Paying Now

Operation                   API Cost      Frequency    Monthly Cost
memory_search (embedding)   $0.02-0.05    50-200/day   $30-300
Context retrieval           $0.01-0.03    100+/day     $30-90
Semantic queries            $0.03-0.08    20-50/day    $18-120
TOTAL                                                  $78-510/month

With QMD Local

Operation      Cost   Why
All searches   $0     Runs on your machine
Embeddings     $0     Local GGUF models
Re-ranking     $0     Local LLM

Your savings: $50-300+/month

One-time setup. Forever free searches.


🚀 QUICK START

# Install the skill
clawhub install asabove/qmd-memory

# Run setup (installs QMD, configures collections)
openclaw skill run qmd-memory setup

# That's it. Your memory is now supercharged.

WHAT YOU GET

1. Automatic Collection Setup

Based on your workspace structure, we create optimized collections:

✓ workspace     — Core agent files (MEMORY.md, SOUL.md, etc.)
✓ daily-logs    — memory/*.md daily logs
✓ intelligence  — intelligence/*.md (if exists)
✓ projects      — projects/**/*.md (if exists)
✓ documents     — Any additional doc folders you specify

2. Smart Context Descriptions

We add context to each collection so QMD understands what's where:

qmd://workspace    → "Agent identity and configuration files"
qmd://daily-logs   → "Daily work logs and session history"
qmd://intelligence → "Analysis, research, and reference documents"

3. Pre-configured Cron Jobs

# Auto-update index (nightly at 3am)
0 3 * * * qmd update && qmd embed

# Keep your memory fresh without thinking about it

4. OpenClaw Integration

Memory search now uses QMD automatically:

  • memory_search → routes to QMD hybrid search
  • memory_get → retrieves from QMD collections
  • Results include collection context

5. Multi-Agent MCP Server (Optional)

# Start shared memory server
openclaw skill run qmd-memory serve

# All your agents can now query collective memory
# Forge, Thoth, Axis — shared knowledge base

📊 SEARCH MODES

Mode       Command               Best For
Keyword    qmd search "query"    Exact matches, fast
Semantic   qmd vsearch "query"   Conceptual similarity
Hybrid     qmd query "query"     Best quality (recommended)

Example Queries

# Find exact mentions
qmd search "Charlene" -n 5

# Find conceptually related content
qmd vsearch "how should we handle customer complaints"

# Best quality — expansion + reranking
qmd query "what decisions did we make about pricing strategy"

# Search specific collection
qmd search "API keys" -c workspace

🔧 CONFIGURATION

Add Custom Collections

openclaw skill run qmd-memory add-collection ~/Documents/research --name research

Add Context

openclaw skill run qmd-memory add-context qmd://research "Market research and competitive analysis"

Refresh Index

openclaw skill run qmd-memory refresh

💡 TEMPLATES

Trading/Investing Workspace

openclaw skill run qmd-memory template trading

Creates:

  • intelligence — Trading systems, dashboards, signals
  • market-data — Price history, analysis
  • research — Due diligence, reports
  • daily-logs — Trade journal

Content Creator Workspace

openclaw skill run qmd-memory template content

Creates:

  • articles — Published content
  • drafts — Work in progress
  • research — Source material
  • ideas — Brainstorms, notes

Developer Workspace

openclaw skill run qmd-memory template developer

Creates:

  • docs — Documentation
  • notes — Technical notes
  • decisions — ADRs, architecture decisions
  • snippets — Code snippets, examples

📈 COST SAVINGS CALCULATOR

Run this to see your estimated savings:

openclaw skill run qmd-memory calculate-savings

Output:

Your Current API Memory Costs (estimated):
  memory_search calls/day:     ~75
  Average cost per call:       $0.03
  Monthly API cost:            $67.50

With QMD Local:
  Monthly cost:                $0.00

YOUR MONTHLY SAVINGS:          $67.50
YOUR ANNUAL SAVINGS:           $810.00

ROI on skill purchase:         40x (if skill was $20)

🛠️ TECHNICAL DETAILS

Models Used (Auto-Downloaded)

Model                             Purpose              Size
embeddinggemma-300M-Q8_0          Vector embeddings    ~300MB
qwen3-reranker-0.6b-q8_0          Re-ranking results   ~640MB
qmd-query-expansion-1.7B-q4_k_m   Query expansion      ~1.1GB

Total: ~2GB (one-time download)

System Requirements

  • Node.js >= 22
  • ~3GB disk space (models + index)
  • ~2GB RAM during embedding (then minimal)

Where Data is Stored

~/.cache/qmd/
├── index.sqlite      # Search index
├── models/           # GGUF models
└── mcp.pid           # MCP server PID (if running)

🤝 SUPPORT

Questions?

  • GitHub Issues: github.com/asabove/qmd-memory-skill
  • Discord: As Above community
  • Email: support@asabove.tech

Found it valuable?

  • Star us on ClawHub
  • Share with other OpenClaw users
  • Subscribe to our newsletter for more agent optimization tips

📜 LICENSE

MIT — Use freely, modify as needed.

QMD itself is created by Tobi Lütke (github.com/tobi/qmd). This skill provides easy OpenClaw integration.


"Stop paying for memory. Start compounding knowledge."

As Above Technologies — Agent Infrastructure for Humans

Files

7 total