Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dual Retrieval

v1.0.0

Combines M-Flow graph topology and QMD BM25+vector retrieval to merge and rank results for precise multi-hop and semantic search.

by sune@sora-mury
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name and description match the code: it combines M-Flow and QMD search results and implements merging strategies. However, the skill expects local QMD artifacts and a local 'm-flow' skill directory (loaded dynamically) even though SKILL.md and registry metadata declare no config paths or credentials. The requirement to access a local QMD DB and a sibling skill directory is not declared in the metadata.
! Instruction Scope
SKILL.md describes the high-level pipeline but does not mention reading the user's local QMD SQLite DB or writing a report to disk. The included Python code directly opens C:/Users/Administrator/.cache/qmd/index.sqlite, issues arbitrary SQL, prints sample rows, and the test writes a report to a knowledge/ directory. Those file accesses and outputs are outside what the SKILL.md explicitly documents and could expose private data.
Install Mechanism
There is no installer (instruction-only from registry perspective). That reduces supply-chain risk. However, the skill includes Python code files that will be executed when the skill is used; no network downloads or third-party package installations are declared in the install metadata.
! Credentials
The skill requests no environment variables or credentials, yet it reads a hard-coded, absolute Windows path (C:/Users/Administrator/.cache/qmd/index.sqlite) and attempts to load a .env from a sibling m_flow directory. Access to a user's local document index (QMD DB) is equivalent to requesting access to potentially sensitive data and should have been declared as a required config path or credential. Dynamic importing of a local 'm-flow' skill directory also implies access to code and env that belong to other skills without declaration.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does write a report file in the test code (knowledge/dual-retrieval-report.md) and may create directories, but it does not modify other skills' configurations or request persistent agent-level privileges.
What to consider before installing
This skill does what it claims (combines M-Flow and QMD results) but the implementation reads a hard-coded local QMD SQLite database and dynamically loads a local 'm-flow' module without declaring those accesses. Before installing or running:
- Treat this as potentially accessing private local documents (QMD DB). Do not run it in an environment with sensitive data unless you reviewed or sandboxed it.
- Inspect or run the scripts in a safe, isolated environment (disposable VM or container). Confirm the C:/Users/Administrator/.cache/qmd/index.sqlite path and any data it contains.
- If you expect to use it, ask the author to parameterize the DB path and m-flow location (don’t hard-code C:\Users\Administrator...), declare required config paths in metadata, and avoid printing or writing raw document content.
- Verify the dynamically loaded m-flow code is from a trusted source before allowing the skill to import it.
- If you cannot confirm these changes, consider the skill suspicious and avoid granting it access to your real data or environment.

Like a lobster shell, security has layers — review code before you run it.
