Skillv1.0.0

ClawScan security

Kimi CLI 无头执行操作手册 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 15, 2026, 2:04 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and scope are internally consistent with its stated purpose (guiding headless use of the Kimi CLI), but it legitimately describes potentially destructive behaviors (automatic approvals / --yolo) so exercise caution before allowing autonomous runs.
Guidance: This skill is coherent and does what it says: it teaches how to run Kimi CLI in headless/CI environments. The main risk is operational (file modifications and shell commands when `--yolo` or implicit approval is used). Before installing or enabling this skill: 1) ensure the agent cannot run destructive commands without explicit, auditable user confirmation; 2) prefer `--quiet` by default and avoid `--yolo` unless the user explicitly consents; 3) run Kimi invocations in a sandbox or test branch when possible; 4) verify that `kimi` is the intended CLI on your system (avoid running commands in critical system directories); and 5) if you want stronger safety, disallow autonomous invocation of this skill or require an additional human-in-the-loop confirmation step before any action that writes files or executes shell commands.

Review Dimensions

Purpose & Capability: okThe name and description claim to teach headless/non‑TTY use of the Kimi CLI; the SKILL.md exclusively contains command construction, modes, flags, output handling, guardrails, and failure modes for that CLI. No unrelated credentials, binaries, or config paths are requested. The instructions reference relevant CLI usage (which kimi, kimi --version, kimi login, ~/.kimi/config.toml), which is coherent with the stated purpose.
Instruction Scope: noteThe instructions tell the agent how to construct and run real `kimi` commands, how to check exit codes, and how to handle stdout/stderr/JSONL outputs. This stays within the skill's purpose. However the guide explicitly requires use of `--yolo` (automatic approval of file writes and shell commands) for many headless modification tasks and shows examples that will modify files. That is high-impact behavior (destructive if misused); the document does include guardrails (explicit user consent, avoid critical dirs) but this remains a substantial operational risk and should be handled with strict user confirmation or sandboxing.
Install Mechanism: okThere is no install spec and no code files; the skill is instruction-only. It recommends how a user might install the Kimi CLI (e.g., pip install kimi-cli) but does not perform any install itself — lowest install risk.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The SKILL.md mentions plausible local configuration locations (e.g., ~/.kimi/config.toml) and authentication states (API key / kimi login) which are appropriate for a CLI integration and are not excessive. It does not request unrelated secrets.
Persistence & Privilege: noteThe skill is not always-enabled and requests no persistent installation. However, because it instructs how to run potentially destructive CLI invocations (including example commands with `--yolo`), allowing the agent to autonomously invoke this skill could have high impact if confirmations are not enforced. Autonomous invocation itself is the platform default; combine that with `--yolo` usage only when explicit user consent and safeguards are in place.