Qmd

Review

Audited by ClawScan on May 1, 2026.

Overview

This looks like a legitimate local markdown search skill, but it asks you to install QMD and index selected notes, which can make private markdown content available to the agent.

This skill is coherent for local markdown search and shows no artifact-backed malicious behavior. Before installing, verify the external QMD npm package, index only folders you are comfortable exposing to the agent, and avoid enabling the background MCP/HTTP server unless you need it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may be able to run QMD operations such as search, retrieval, embedding, collection management, or server startup if those commands exist in the installed QMD tool.

Why it was flagged

The skill grants access to all qmd CLI commands and all qmd MCP tools. This is consistent with a QMD search integration, but it is broader than a single read-only search command.

Skill content

allowed-tools: Bash(qmd:*), mcp__qmd__*

Recommendation

Install only if you are comfortable giving the agent QMD-level access, and review sensitive actions such as adding large collections, embedding private folders, or starting servers.

What this means

Installing the package lets external code run locally and read the markdown folders you configure for QMD.

Why it was flagged

The skill depends on an external globally installed npm package, and the artifact does not pin a version in the install command. This is disclosed and purpose-aligned, but it shifts trust to that package.

Skill content

Install via `npm install -g @tobilu/qmd`.

Recommendation

Verify the npm package and publisher before installing, consider pinning a trusted version, and avoid running the setup on folders with secrets unless you understand how QMD stores its index.

What this means

Private notes, journals, or documentation in configured collections may be searchable and retrievable by the agent during future tasks.

Why it was flagged

The setup indexes a local notes folder into QMD. This is the expected purpose of the skill, but it can persist and later retrieve private markdown content into agent context.

Skill content

qmd collection add ~/notes --name notes
qmd embed

Recommendation

Only add folders you intend the agent to search, use collection filters where possible, and avoid indexing secrets, credentials, or highly private notes.

What this means

If enabled, local clients that can reach the QMD MCP/HTTP service may be able to query indexed documents while the server is running.

Why it was flagged

The reference describes running QMD as an MCP/HTTP service, optionally in the background. This is a normal integration mode, but it creates a local service that can provide access to indexed markdown content.

Skill content

qmd mcp --http              # Port 8181
qmd mcp --http --daemon     # Background
qmd mcp stop                # Stop daemon

Recommendation

Use the daemon only when needed, keep it bound to trusted local access, and stop it when not in use.