QMD Memory

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a purpose-aligned local memory search skill, but it installs QMD, indexes private OpenClaw workspace files, and can optionally share that memory through a local daemon.

Before installing, verify that you trust the QMD npm package, then review the collections it will index. Do not include folders containing secrets or sensitive client data unless you want them searchable. Only start the MCP daemon for trusted multi-agent workflows, and stop it when you are done.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running setup can install third-party code and dependencies on your machine.

Why it was flagged

The setup script installs an unpinned global npm package at runtime. This is central to the skill's purpose and disclosed, but the package code/version is outside the reviewed artifacts.

Skill content

npm install -g @tobilu/qmd

Recommendation

Install only if you trust QMD and the npm package source; maintainers should pin versions and declare the Node/QMD installation requirement in registry metadata.

What this means

Private logs, project notes, and core agent files may become searchable by the agent.

Why it was flagged

The skill indexes OpenClaw workspace and memory Markdown files into QMD collections. That is expected for local memory search, but these files can contain sensitive notes or instructions that future searches may reuse.

Skill content

WORKSPACE="${OPENCLAW_WORKSPACE:-$HOME/.openclaw/workspace}" ... qmd collection add "$WORKSPACE/memory" --name daily-logs --mask "**/*.md" ... qmd collection add "$WORKSPACE" --name workspace --mask "*.md"

Recommendation

Review which folders are added, avoid indexing secrets or sensitive client data, and clear or restrict the QMD cache/collections if needed.

What this means

Other local agents or local processes may be able to query the indexed memory while the server is running.

Why it was flagged

The optional serve command exposes shared memory through an HTTP MCP daemon for local agents. The artifacts do not describe authentication or per-agent access controls.

Skill content

echo "   All agents can now query shared memory at localhost:8181" ... qmd mcp --http --daemon

Recommendation

Run the MCP server only on trusted machines, verify it binds only to localhost, stop it when not needed, and use separate collections for data that should not be shared.

Note, High Confidence
ASI10: Rogue Agents

What this means

The memory-sharing service can continue running beyond the immediate task until you stop it.

Why it was flagged

The server command intentionally starts a background daemon that persists after the command returns, with a documented stop command.

Skill content

qmd mcp --http --daemon ... Stop with: qmd mcp stop

Recommendation

Use the daemon only when you need multi-agent sharing, check its status periodically, and stop it with the documented command when finished.