Skill v1.0.0
ClawScan security
Qmd Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:42 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (a helper for the qmd local search CLI); it doesn't request unrelated credentials or privileged persistence, though you should review the upstream npm/GitHub package before installing and avoid pointing OLLAMA_URL at remote endpoints.
- Guidance: This skill appears to be a straightforward helper for the qmd CLI and is coherent with what it asks for. Two practical precautions before installing or using it: (1) Review the GitHub repo/package (https://github.com/tobi/qmd) so you know what code will be installed; npm/GitHub installs can execute arbitrary code. (2) Never set OLLAMA_URL to a remote/non-localhost endpoint unless you intentionally want your indexed content sent to that service; the SKILL.md warns that embeddings are transmitted to OLLAMA_URL and recommends keeping it local. Also follow the guardrails in SAFETY.md: confirm before deleting ~/.cache/qmd, never pipe qmd output to network commands, and redact any secrets found in search results.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requirements and instructions: the skill requires the 'qmd' binary and provides commands for indexing/searching local files. The declared install (a node package from a GitHub repo that creates the 'qmd' binary) is coherent with the stated purpose.
- Instruction Scope (ok): SKILL.md only instructs use of qmd CLI commands and documents expected behaviour (index location, Ollama usage, MCP mode). It also includes explicit safety guardrails (confirm before destructive ops, avoid piping output to network, redact secrets). There are no instructions to read or transmit unrelated system data.
- Install Mechanism (note): The install spec pulls a Node package from a GitHub repository (https://github.com/tobi/qmd) and installs the 'qmd' binary. Installing code from a third-party GitHub repo/npm can be reasonable for a CLI but carries standard supply-chain risk; review the repo/source before installing.
- Credentials (ok): The skill does not require environment variables or credentials. It documents OLLAMA_URL (default localhost) for embeddings; this is expected, and the SKILL.md explicitly warns not to set it to a non-localhost endpoint because embeddings transmit indexed content.
- Persistence & Privilege (ok): The skill is not always-enabled, does not request to modify other skills or system-wide settings, and has no declared config path requirements. It does not demand elevated or persistent privileges.
