Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QMD CLI

v1.1.0

Search and retrieve markdown documents from local knowledge bases using qmd. Supports BM25 keyword search, vector semantic search, and hybrid search with LLM re-ranking. Use for querying indexed notes, documentation, meeting transcripts, and any markdown-based knowledge. Requires qmd CLI installed (bun install -g https://github.com/tobi/qmd).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to provide local markdown search via the qmd CLI, which is coherent. However the metadata lists no required binaries or install steps while the SKILL.md explicitly requires installing the qmd CLI via `bun install -g https://github.com/tobi/qmd`. The metadata omission is an inconsistency — the agent (and user) would legitimately need bun and qmd to use this skill.
Instruction Scope
The runtime instructions are narrowly focused on running qmd commands (search, vsearch, query, get, multi-get, update, status). These operate over local markdown collections and are consistent with the stated purpose. However the doc also mentions running `qmd mcp` (a local server) which could expose indexed content over a network interface if started; the SKILL.md does not discuss network exposure or access controls.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md recommends installing qmd globally using bun from a GitHub URL. That is a non-platform-managed global install from a repo URL and should be treated carefully. The registry should declare required binaries (bun, qmd) or provide an install mechanism; the current mismatch is unexpected.
Credentials
The skill declares no environment variables or credentials, which is proportionate. But qmd commands will read arbitrary local markdown files and indexes (by design). If the agent runs these commands, it can access any files included in collections — ensure collections are restricted to intended paths. The SKILL.md does not request secrets, but local-document content could still be sensitive.
Persistence & Privilege
The skill does not request persistent or elevated privileges (the `always` flag is false). It does not modify other skills or system-wide agent settings per the provided metadata. No persistence concerns were detected in the registry metadata.
What to consider before installing
This skill appears to be an instruction wrapper for the qmd CLI, which is reasonable for local markdown search — but take these precautions before installing or enabling it:

- Note the mismatch: SKILL.md requires bun and the qmd CLI (installed via `bun install -g https://github.com/tobi/qmd`) but the skill metadata does not declare these dependencies. Verify you have a trusted source for qmd and bun before installing.
- Installing a global package from a GitHub URL can run arbitrary code on your machine. Prefer installing qmd from the official project releases or inspect the repository before running the install command.
- qmd operates on local files and indexes; ensure only non-sensitive directories are added as collections. If you run `qmd mcp`, that starts a server which may expose content over the network — only run it in a controlled environment and review access controls.
- Because this skill is instruction-only, the platform won't manage the install; consider testing qmd in an isolated environment or VM first.
- If you plan to enable autonomous agent invocation, be cautious: an agent with this skill can execute qmd commands that read local files and return their contents.

If you want to proceed, ask the skill author to update metadata to declare required binaries and to document network/server implications.
