Back to skill
Skillv0.1.0
VirusTotal security
Qmd · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:51 AM
- Hash
- d52ca4cda211911715462fc0d5c95941260252122ef1aad59e5f83662e500fc9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qmd-skill-3 Version: 0.1.0 The skill is classified as suspicious due to the `qmd get "path/to/file.md"` command described in `SKILL.md`. While intended for retrieving indexed markdown documents, this command grants the AI agent the capability to read the full content of arbitrary local files. This presents a significant data exposure vulnerability if the agent is susceptible to prompt injection or misdirection, potentially allowing it to access sensitive files outside its intended scope (e.g., configuration files, private keys). There is no explicit malicious intent in the provided instructions, but the exposed capability is high-risk.
- External report
- View on VirusTotal