qmd Local Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may use qmd to read local files when gathering context.

Why it was flagged

The skill documents local CLI commands that can retrieve full files or multiple files. This is purpose-aligned for search, but users should keep reads scoped.

Skill content

qmd get myproject/README.md ... qmd multi-get "*.yaml" -l 50 --max-bytes 10240

Recommendation

Use named collections and byte/line limits, and avoid broad globs over directories containing private or secret files.

What this means

Using the skill may depend on model assets and a qmd installation outside the reviewed artifact.

Why it was flagged

The skill relies on external local models downloaded by qmd, while the provided package contains no installer or bundled code. This is disclosed and purpose-aligned, but users need to trust their qmd/model source.

Skill content

Models (auto-downloaded) ... Embedding: embeddinggemma-300M ... Reranking: qwen3-reranker-0.6b ... Generation: Qwen3-0.6B

Recommendation

Install qmd and its models only from a trusted source, and verify what will be downloaded before first use.

What this means

Private notes, code, or documents could become part of a local searchable index if included in a collection.

Why it was flagged

The skill can create and refresh indexed collections and embeddings from local folders. This is central to local search, but it may persist representations of private local content.

Skill content

qmd collection add /path/to/folder --name myproject --mask "*.md,*.py" ... qmd update ... Use `qmd embed` to enable vector search

Recommendation

Index only intended folders, use masks/exclusions where possible, and remove or rebuild collections if sensitive files were added by mistake.