Skillv1.0.0

ClawScan security

Qmd Memory 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 2, 2026, 2:21 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, runtime instructions, and required actions are coherent with its stated purpose (local QMD-based memory/indexing); it does install an npm QMD client and auto-download models, so review those network operations before running.
Guidance: This skill appears to do what it says: it installs the QMD CLI, scans and indexes files in your specified workspace, and runs local embeddings and a local re-ranker. Before installing/running setup: 1) Inspect the npm package @tobilu/qmd on the npm registry/GitHub to confirm you trust the upstream publisher; npm -g will execute package install scripts and place a binary on your PATH. 2) Expect ~2GB of model downloads and non-trivial CPU/RAM/disk use during embedding; ensure you are comfortable with the network and storage usage. 3) The setup will scan and index files under your workspace (default ~/.openclaw/workspace) — do not run it against directories that contain secrets you don't want indexed. 4) The skill can start a local MCP server bound to localhost:8181 for multi-agent sharing; this is local-only but review whether you want that service running. 5) Minor inconsistency: skill.json references scripts/add-collection.sh but that file is not present in the bundle — consider that an omission and verify available commands before relying on them. If you have concerns, run the setup in an isolated/sandbox environment or manually run the commands in the scripts after reviewing them.

Review Dimensions

Purpose & Capability: okName/description (local hybrid memory with QMD) match the included scripts and SKILL.md. The setup script installs a QMD CLI, configures collections from your workspace, and runs indexing/embeddings — all consistent with building a local search/indexing system to replace remote memory API calls.
Instruction Scope: noteSKILL.md instructs the agent/user to run setup which scans the workspace path (default $HOME/.openclaw/workspace or OPENCLAW_WORKSPACE) and creates QMD collections, runs qmd update/embed, and can start a local MCP server. These actions are expected for the feature, but they will read and index files under the workspace (including any sensitive .md files), and run commands that download models and generate embeddings. The skill does not request unrelated system credentials or attempt to read unrelated system paths.
Install Mechanism: noteNo formal install spec in registry, but scripts call npm install -g @tobilu/qmd during setup. Installing an npm package globally and running it is necessary for the skill's functionality but has moderate risk: it executes third-party package code and triggers model downloads (~2GB) on first run. The model download sources are not enumerated in the skill bundle (they are performed by the qmd tool), so verify the upstream package and its model sources before running.
Credentials: okThe skill declares no required environment variables or credentials. The setup script uses an optional OPENCLAW_WORKSPACE env var to locate files — that is proportionate. No secrets or tokens are requested or referenced by the skill bundle.
Persistence & Privilege: okalways:false and no modifications to other skills or global agent configs are present. The skill can start a local MCP server (qmd mcp --http --daemon) which creates a local PID file and listens on localhost:8181; this is a normal capability for sharing memory across co-located agents but does not imply system-wide privilege escalation.