Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using it.

Qmd

v0.1.0

Search markdown knowledge bases, notes, and documentation using QMD. Use when users ask to search notes, find documents, or look up information.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md consistently documents using the qmd CLI / MCP server to search markdown collections, which aligns with the skill name and description. However, the registry metadata declares no required binaries or install steps while the instructions clearly expect a qmd CLI (npm package @tobilu/qmd) and optionally running an MCP server — a minor mismatch between metadata and runtime expectations.
Instruction Scope
The runtime instructions direct the agent/user to add local directories as collections (e.g., qmd collection add ~/notes), which requires reading local files (expected for a search tool). More importantly, the references explicitly show edits to client config files (~/.claude/settings.json, ~/Library/..., ~/.openclaw/openclaw.json) to register an MCP server. That involves modifying other agent/application configuration and enabling a local HTTP daemon (qmd mcp --http), which extends the skill's scope well beyond simple search.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md recommends installing via npm install -g @tobilu/qmd. Installing a third-party npm package globally is a common but potentially risky action — the package and its provenance should be verified before installing. No direct download URLs or obfuscated installs are present.
Credentials
The skill does not request environment variables, credentials, or config paths in the registry metadata. The instructions do reference user-local paths (home directories) when adding collections and show how to configure MCP servers, but they do not ask for unrelated credentials or secrets.
Persistence & Privilege
The skill does not request always:true, but the docs recommend registering qmd as an MCP server in the agent/client configuration (e.g., ~/.openclaw/openclaw.json). That is a change to the agent's configuration/behavior and effectively grants persistent integration (and potentially autonomous access to local files via the qmd daemon). Users should be aware this modifies agent settings beyond the skill's own isolated files.
What to consider before installing
This skill appears to do what it says (search local markdown), but you should be cautious before installing or enabling it:
1) Verify the npm package (@tobilu/qmd) and its source code/reputation before running npm install -g; prefer reviewing the package on npm/GitHub or installing in a sandbox/container.
2) Be aware that qmd will read whatever directories you add as collections; only add directories you trust and avoid system or secrets-containing paths.
3) The references suggest adding qmd as an MCP server in agent configs (e.g., ~/.openclaw/openclaw.json); back up those config files before modifying them and understand that this grants the tool persistent integration with your agent.
4) If you will run qmd mcp --http (daemon), consider firewall/port controls (default 8181) and whether you want a local HTTP endpoint.
5) If you need lower risk, keep the skill instruction-only (do not modify agent config) and run qmd manually in a controlled environment.
If you want this skill, validate the package and its behavior first; the metadata omission of the expected qmd binary is a small inconsistency but not necessarily malicious.



