ClawHub

QMD Memory

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the promised local memory search, with expected local indexing, model downloads, and optional server behavior that users should review before setup.

Install only if you want local QMD indexing of your OpenClaw workspace. Review setup.sh first, avoid running it as root, keep secrets out of indexed markdown folders, expect a global npm install plus roughly 2GB of model downloads, and only run the MCP server or add a cron refresh if you understand how to stop or remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises "Nightly auto-updates" and states that models "download automatically on first run (~2GB one-time)" without clearly foregrounding that the skill will initiate network access and make significant local disk changes. In an agent skill context, undeclared automatic downloads and background updates reduce user awareness and can lead to unexpected code/model retrieval, storage consumption, or policy violations in restricted environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises automatic collection setup, indexing, cron job installation, and model downloads, but it does not clearly disclose the scope of filesystem modifications, persistent background behavior, or what paths and files will be touched. This is dangerous because users may run setup with incomplete consent, resulting in unintended persistence, indexing of sensitive local documents, or unexpected resource/network usage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal