ClawHub

Qmd 1.0.0

v1.0.0

Local search/indexing CLI (BM25 + vectors + rerank) with MCP mode.

3· 1.8k·16 current·16 all-time
by@instant-picture
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the runtime instructions and required binary: the skill expects a 'qmd' CLI and its commands (index, search, mcp) align with the stated local search/indexing purpose. The declared install produces the 'qmd' binary from the linked GitHub repo, which is appropriate for the stated capability.
Instruction Scope
SKILL.md only instructs the agent to run qmd commands (add collection, update, search, get). It documents where the index lives (~/.cache/qmd) and that embeddings/rerank use OLLAMA_URL (default http://localhost:11434). This is in-scope for a search tool, but it means indexed file contents may be sent to whatever OLLAMA_URL is set to; the SKILL.md mentions the env var but the skill does not declare it in requires.env.
Install Mechanism
Install is a node package pointing to a GitHub repo (https://github.com/tobi/qmd). Using a GitHub URL is common and lower risk than arbitrary downloads, but it is less vetted than an official registry release; you should inspect the repository release/packaging before installing.
Credentials
The skill declares no required environment variables, which is reasonable. However SKILL.md references OLLAMA_URL for embeddings/rerank (defaulting to localhost). That env var is relevant to the functionality but is not declared as required; if OLLAMA_URL points to a remote service, document contents could be transmitted off-host — this is a configuration/privacy consideration rather than an incoherence.
Persistence & Privilege
The skill does not request persistent platform privileges (always:false) and does not declare modifications to other skills or system-wide config. It does create and use a local index (~/.cache/qmd), which is expected for this tool and should be treated as potentially sensitive data.
Assessment
This skill appears to do what it says: it runs the qmd CLI to index and search local files. Before installing or using it: 1) Inspect the GitHub repository (https://github.com/tobi/qmd) or package contents to verify there is no unexpected behavior in the qmd binary. 2) Be deliberate about which directories you index — do not point it at sensitive system or credential directories. 3) Note the index is stored in ~/.cache/qmd; consider its permissions and clean-up policy. 4) Embeddings/rerank use OLLAMA_URL (default localhost:11434). Ensure OLLAMA_URL is set to a trusted local service — if you point it to a remote endpoint you may transmit document contents off-host. 5) Prefer running the tool in a sandbox or non-privileged account until you are comfortable with its behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d0da9sj0y1bh9vhzt24f4rx80gjk1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
Binsqmd

Install

Install qmd (node)
Bins: qmd
npm i -g https://github.com/tobi/qmd

Comments