Kimi Integration
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: kimi-integration
Version: 1.0.0

The skill bundle provides clear, step-by-step instructions and a shell script for integrating Moonshot AI (Kimi) and Kimi Code models into Clawdbot. All commands, including `curl` requests to `https://api.moonshot.cn/v1` and `https://api.kimi.com/coding/v1`, are directly related to configuring and testing the integration of these legitimate AI services. The skill handles API keys by instructing users to set them as environment variables or in a `.env` file, and uses them only for authentication with the stated Kimi/Moonshot APIs. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent to perform unauthorized actions. The instructions are transparent and aligned with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Moonshot or Kimi Code API key could be revealed locally if you copy troubleshooting output into a ticket or share your terminal.
The guide handles provider API keys and suggests printing them to the terminal during troubleshooting; this is purpose-related but can expose secrets in scrollback, recordings, or shared logs.
```
# Verify API keys
echo $MOONSHOT_API_KEY
echo $KIMICODE_API_KEY
```
Avoid printing full keys; use masked checks such as `echo ${MOONSHOT_API_KEY:+set}` and rotate any key that may have been exposed.
When enabled, prompts and context sent to the configured model provider may leave your local Clawdbot environment and be handled by Moonshot/Kimi services.
The configuration routes Clawdbot model traffic to an external provider using a user-supplied API key, which is expected for this integration but changes where future prompts are processed.
```
"baseUrl": "https://api.moonshot.cn/v1",
"apiKey": "${MOONSHOT_API_KEY}",
"api": "openai-completions"
```
Use this only for data you are allowed to send to those providers, and review provider privacy, retention, and billing terms.
Running the script will contact the Kimi/Moonshot APIs, use your API key, and may create provider-side request records or usage charges.
The optional test script performs outbound API calls with the configured credential; this matches the stated connection-test purpose and is not installed or run automatically.
```
curl -s -X POST "https://api.moonshot.cn/v1/chat/completions" \
  -H "Authorization: Bearer $MOONSHOT_API_KEY"
```
Inspect the script before running it and execute it only when you intentionally want to test the provider connection.
