Skill v1.0.0

ClawScan security

QMD — Quality Markdown Formatter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 6:39 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (a local qmd CLI indexer/searcher) matches what it requests and documents, but there are a few small metadata and install-related items to double-check before installing.
Guidance
This skill appears to do what it claims (wrap the qmd CLI). Before installing, verify the qmd source: review the GitHub repo (https://github.com/tobi/qmd) and its install scripts for unexpected postinstall behavior. Prefer installing in a sandbox/container if you’re uncertain. Be aware that qmd will read and index local files (the docs show adding arbitrary paths and masks), so avoid indexing sensitive directories unless you trust the tool. The SKILL.md mentions OLLAMA_URL (default localhost) but doesn't declare it — ensure you don’t point OLLAMA_URL to an untrusted remote endpoint. Finally, note the small metadata mismatch in owner IDs in the package metadata — confirm the upstream repo/author identity if provenance matters to you.

Review Dimensions

Purpose & Capability
ok · Name/description (local indexing/search with BM25/vectors/rerank) align with the declared dependency on a qmd binary and the provided qmd CLI usage. Requiring the qmd binary is expected for this functionality.
Instruction Scope
note · SKILL.md only documents qmd CLI commands (index, search, get, mcp). It references OLLAMA_URL (default http://localhost:11434) for embeddings/rerank — this environment variable is used in the instructions but is not declared in requires.env. The instructions implicitly allow indexing arbitrary local paths (e.g. qmd collection add /path), which is consistent with the tool but means a user/agent could index sensitive local files if misused.
Install Mechanism
note · The install spec installs a Node package from a GitHub repository URL (https://github.com/tobi/qmd). Installing code from a GitHub repo via npm can execute install/postinstall scripts; this is a common pattern but carries greater risk than using a vetted package registry or a signed release artifact.
Credentials
note · No required env vars are declared, which is reasonable, but SKILL.md expects an optional OLLAMA_URL environment variable (not declared). No credentials are requested, and the index location (~/.cache/qmd) is typical. Overall, environment/credential requests are proportional, but the missing OLLAMA_URL declaration is a minor inconsistency.
Persistence & Privilege
ok · The always field is false; the skill is user-invocable and not forced into every agent run. The skill does not request system-wide config changes or additional privileges in its instructions.