Back to skill

Security audit

Qmd

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent helper for installing and using a local Markdown search tool, with ordinary cautions around indexing private notes and downloading local model files.

Install only if you are comfortable using Bun to install qmd from GitHub and allowing qmd to download local model files on first semantic use. Add narrow Markdown folders rather than broad private directories, and enable the cron/scheduler examples only if you want ongoing background re-indexing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill is presented as a local markdown search tool, but the documented behavior states that model files are automatically downloaded on first run. That creates an unexpected network-fetch and supply-chain boundary not obvious from the manifest description, which can violate offline expectations, trigger unreviewed code/model retrieval, and expand the attack surface in environments that treat 'local search' skills as low risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.