Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-kirocli-coding-agent

v1.5.0

Run Codex CLI, Claude Code, Kiro CLI, OpenCode, or Pi Coding Agent via background process for programmatic control.

by Daniil Burykin (@dandysuper)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill says it will launch/manage interactive coding CLIs (Codex, Claude Code, Kiro CLI, OpenCode, Pi) and the SKILL.md only requires the presence of those binaries and instructs how to run them (workdir, PTY, background). Requiring any of those binaries matches the described capability and is proportionate.
Instruction Scope
Instructions are focused on running interactive CLIs in a PTY, background session management, and using workdir to confine the agent. However, the SKILL.md explicitly recommends disabling safeguards for automation (examples: --trust-all-tools, --no-interactive, codex --yolo) and suggests run modes that may run tools with fewer confirmations or 'elevated' host access. Those recommendations expand the operational scope (the ability to run arbitrary tools with less prompting) and increase risk to the user and their codebase, even though they are coherent with automation goals.
Install Mechanism
The skill is instruction-only (no install spec), which is low-risk. The README suggests installing Kiro CLI via a remote script (curl -fsSL https://cli.kiro.dev/install | bash). That install pattern (pipe-to-shell) is commonly used but inherently higher risk than package-manager installs; the skill itself does not perform the install, but it directs users to that remote installer.
Credentials
The skill does not request any environment variables or credentials itself. It documents that Kiro CLI supports logins (GitHub, Google, AWS Builder ID, IAM Identity Center) and that Codex/other CLIs may require configuration files. That is appropriate. Note: although not requested by the skill, using Kiro or other CLIs will require the user to authenticate and may grant those tools access to repositories or cloud resources—use least privilege.
Persistence & Privilege
The skill does not request always:true, does not include an install that modifies other skills or global configs, and is user-invocable. It instructs use of background sessions for long-running tasks but does not demand permanent presence or elevated platform privileges.
Assessment
This skill is coherent with its stated purpose, but take these precautions before installing or using it:

- Avoid enabling insecure automation flags unless you understand the consequences. --trust-all-tools, --yolo, and similar flags disable confirmations/sandboxing and can let CLIs execute arbitrary actions in the workdir or host if combined with elevated modes.
- Prefer running agents inside temporary or dedicated review workdirs (mktemp, git worktree) and never point them at system folders or OpenClaw's own codebase.
- Be cautious installing CLIs via curl | bash; prefer vetted package managers or verified release binaries when possible and inspect the installer if you must use it.
- When authenticating Kiro/other CLIs, scope credentials with least privilege (avoid long-lived full-access IAM credentials). Use identity providers or short-lived credentials when possible.
- Monitor background sessions (list/poll/log) and kill them if they behave unexpectedly; restrict what files tools can access by setting workdir appropriately.

If you want a stricter evaluation, provide examples of how OpenClaw will invoke these bash commands at runtime (the exact execution wrapper), and whether your OpenClaw environment enforces a sandbox/elevation policy; that would allow raising confidence above 'medium'.


latest: vk97e6mvh1yr9c81q9nzdggqxbn829vq4

Runtime requirements

🧩 Clawdis
Any bin: claude, codex, opencode, pi, kiro-cli
