qmd Local Search
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: qmd-local-search Version: 1.0.0 The skill bundle introduces 'qmd', a local search tool for markdown files. The `SKILL.md` file provides instructions and examples for using the `qmd` CLI, including indexing local directories (`qmd collection add`), performing searches, and retrieving file content (`qmd get`). While these operations involve local file system access and the auto-download of local models, they are all consistent with the stated purpose of a local search utility. There is no evidence of prompt injection attempts with malicious intent, data exfiltration, unauthorized execution, persistence mechanisms, or other harmful behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use qmd to read local files when gathering context.
The skill documents local CLI commands that can retrieve full files or multiple files. This is purpose-aligned for search, but users should keep reads scoped.
qmd get myproject/README.md ... qmd multi-get "*.yaml" -l 50 --max-bytes 10240
Use named collections and byte/line limits, and avoid broad globs over directories containing private or secret files.
Using the skill may depend on model assets and a qmd installation outside the reviewed artifact.
The skill relies on external local models downloaded by qmd, while the provided package contains no installer or bundled code. This is disclosed and purpose-aligned, but users need to trust their qmd/model source.
Models (auto-downloaded) ... Embedding: embeddinggemma-300M ... Reranking: qwen3-reranker-0.6b ... Generation: Qwen3-0.6B
Install qmd and its models only from a trusted source, and verify what will be downloaded before first use.
Private notes, code, or documents could become part of a local searchable index if included in a collection.
The skill can create and refresh indexed collections and embeddings from local folders. This is central to local search, but it may persist representations of private local content.
qmd collection add /path/to/folder --name myproject --mask "*.md,*.py" ... qmd update ... Use `qmd embed` to enable vector search
Index only intended folders, use masks/exclusions where possible, and remove or rebuild collections if sensitive files were added by mistake.