Skill v1.0.0
ClawScan security
Max QMD Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 8, 2026, 6:15 PM)
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with a local search/indexing CLI: it requires the qmd binary, documents how to use it, and only references a local Ollama endpoint; minor inconsistencies and install risks are noted but do not indicate malicious intent.
- Guidance
- This skill appears to be a straightforward wrapper around the qmd CLI and is coherent with its description. Before installing: (1) review the GitHub repo (https://github.com/tobi/qmd) for any postinstall scripts or surprising behavior; (2) confirm you are comfortable letting the tool read and write an index under ~/.cache/qmd; (3) be aware it will call an Ollama endpoint (default http://localhost:11434) for embeddings/rerank — if you set OLLAMA_URL to a remote host, documents sent for embedding could leave your machine; prefer a local Ollama instance or explicitly set OLLAMA_URL. The ownerId mismatch in metadata is a packaging inconsistency worth double-checking with the publisher if provenance is important.
Review Dimensions
- Purpose & Capability
- [note] Name/description, required binary (qmd), and runtime instructions all align: the skill is a thin wrapper around the qmd CLI. Minor metadata mismatch: the _meta.json ownerId differs from the registry Owner ID provided, which could indicate inconsistent packaging/metadata but does not change the technical behavior.
- Instruction Scope
- [note] SKILL.md only tells the agent to run qmd commands, index local files, and query the index. It references the OLLAMA_URL env var (default http://localhost:11434) and the local index path (~/.cache/qmd). These are within the expected scope for a local search tool, but the SKILL.md references an env var that is not declared in the registry metadata (requires.env), so the agent may read that variable at runtime even though it wasn't listed.
- Install Mechanism
- [note] Install spec uses a Node package pointing at a GitHub repository (https://github.com/tobi/qmd) which will create the qmd binary. Installing a package directly from a GitHub repo is a common choice but carries moderate risk because postinstall scripts or repository content can run arbitrary code during install. This is not unusual for a CLI but is worth auditing the repository before installing.
- Credentials
- [note] The skill declares no required environment variables, but the instructions expect OLLAMA_URL for embedding/rerank (defaulting to a localhost endpoint). No unrelated credentials are requested. The mismatch between declared env requirements and the documented OLLAMA_URL is a small inconsistency to be aware of.
- Persistence & Privilege
- [ok] always is false and the skill does not request persistent platform privileges. The tool reads/writes its index under ~/.cache/qmd which is expected for a local indexing tool and does not modify other skills or global agent settings.
