Qmd
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed local markdown search helper; the main thing to understand is that folders you add to QMD can become searchable and retrievable by the agent.
Install only if you trust the external QMD npm package. Add only markdown folders that are appropriate for agent search, avoid indexing secrets or highly private notes, and run the optional background server only when needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.