Kimi Use
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Install only if you trust the Kimi API endpoint and are comfortable sending selected prompts or images there. Set KIMI_API_HOST only to a trusted endpoint, protect your KIMI_API_KEY, and be aware that the documented search feature is not present in the reviewed code. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Kimi API key will be used for requests and could be exposed to the configured API host if that host is changed.
The skill uses a provider API key from the environment and sends it in API requests. This is expected for Kimi API access and is disclosed in SKILL.md, but the registry metadata says there is no primary credential or required env var.
const KIMI_API_KEY = process.env.KIMI_API_KEY; ... 'Authorization': `Bearer ${KIMI_API_KEY}`Use only the official Kimi endpoint unless you intentionally trust another host, and the publisher should declare KIMI_API_KEY in metadata.
Any selected image file, plus prompts or translation text, will be sent to the configured Kimi-compatible API endpoint.
For image understanding, the script reads a local file path and includes its base64 contents in the external API request.
const buffer = readFileSync(resolve(imagePath)); ... { type: 'image', source: { type: 'base64', media_type: mimeType, data: imageData } }Only use this skill with text and image files you are comfortable sending to Kimi, and avoid pointing KIMI_API_HOST at untrusted services.
Running npm install may fetch external packages that are not needed by the current script.
SKILL.md instructs npm install, and package.json allows semver-range dependency resolution. The reviewed code does not actually import these packages, so they appear unnecessary in the provided source.
"dependencies": { "openai": "^4.0.0", "minimist": "^1.2.8" }Prefer a lockfile and pinned dependencies, and remove unused dependencies if they are not required.
Using the documented Node.js import style may unexpectedly print usage, exit the process, or act on the importing process arguments.
The script exports functions for module use but still runs main() unconditionally, so importing the module can execute the CLI path instead of only defining functions.
export { chat, understandImage, translate };
main().catch(err => { console.error('Fatal error:', err.message); process.exit(1); });Guard the CLI entrypoint so main() runs only when the file is executed directly, not when imported.
Users or agents may believe the skill performs web search when the reviewed code does not support that command.
The documentation advertises search/webSearch, but the provided script only implements and exports chat, understandImage, and translate.
node scripts/index.js search "今日新闻" ... import { chat, understandImage, translate, webSearch } from './scripts/index.js';Update the documentation to match the implementation or add a clearly scoped search function.