ClawHub
Back to skill
v0.1.0

Qmd

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

This skill is coherent for local Markdown search, but users should notice that it installs an external CLI, indexes private local notes, and optionally runs scheduled re-indexing.

GuidanceInstall only if you are comfortable adding the qmd CLI from the referenced GitHub project. When setting it up, index narrow Markdown folders rather than broad home or work directories, and be cautious with full-document retrieval and optional cron-based re-indexing.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
`bun install -g https://github.com/tobi/qmd`

The skill directs users to install an external CLI globally from a GitHub URL. This is central to the skill's purpose, but the install is not pinned to a specific version or release in the provided artifact.

User impactInstalling the skill may add a globally available command from an external source, so future behavior depends on that package.
RecommendationReview the qmd project source or pin to a trusted release before installing, especially on machines with sensitive notes.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
0 * * * * export PATH="$HOME/.bun/bin:$PATH" && qmd update

The skill provides optional cron examples for recurring index updates. This is disclosed maintenance behavior, but it is a form of persistence if the user installs the schedule.

User impactScheduled indexing can keep scanning indexed folders in the background until the schedule is removed.
RecommendationUse scheduled updates only if you want ongoing indexing, and keep track of any cron or agent scheduler entries so they can be disabled later.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusNote
SKILL.md
qmd collection add /path/to/notes --name notes --mask "**/*.md"

The setup indexes local Markdown files into searchable collections, and later commands can retrieve matching documents. This is the intended function, but it may create a reusable index over private notes.

User impactIf broad or sensitive folders are indexed, the agent may later search or retrieve private Markdown content from those collections.
RecommendationIndex only the folders you intend the agent to search, use collection restrictions such as `-c notes`, and avoid returning full documents unless needed.