ClawHub

Kimi Code API

v2.0.0

One-click setup to use Kimi K2.5 (Kimi Code) as your coding model in OpenClaw and Claude Code CLI. Kimi Code is Anthropic Messages API compatible — swap the...

0· 152·0 current·0 all-time
by@jack-yang-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions (how to configure OpenClaw and Claude Code to point at a Kimi Anthropic-compatible endpoint). Minor mismatch: marketing text says "one-click setup" but the SKILL.md provides manual config snippets and environment-variable examples rather than an automated installer.
Instruction Scope
SKILL.md only instructs the agent/user to set base URL and API key fields in OpenClaw config or export ANTHROPIC_* env vars and to call the Kimi API endpoints; it does not instruct reading unrelated system files, exfiltrating data, or contacting unexpected endpoints.
Install Mechanism
This is instruction-only (no install spec, no downloads, no code files). There is nothing written to disk or installed by the skill itself.
Credentials
The skill declares no required environment variables, which is consistent for an instruction-only guide. The runtime examples do ask users to provide ANTHROPIC_BASE_URL and ANTHROPIC_API_KEY — expected and proportionate for an API integration. One thing to note: examples show placing the API key in openclaw.json (config file) which may persist secrets in plaintext; using environment variables or a secrets manager is safer.
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, and contains no installation steps that modify other skills or system-wide settings.
Assessment
This skill is an integration guide — it won't install code. Before using: (1) verify the domain (https://api.kimi.com/coding) is the official Kimi endpoint and that the service is trusted; (2) create and use a dedicated Kimi API key (do not reuse other provider keys), limit its scope if possible, and rotate/revoke it when not needed; (3) prefer exporting the key as an environment variable or using a secrets manager rather than embedding it in openclaw.json (which may store secrets in plaintext); (4) test with non-sensitive prompts first and confirm responses come from the expected service; and (5) if anything in your environment already assumes Anthropic endpoints, double-check you are not unintentionally routing other workloads to the Kimi endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk9743gs3bg724ncr7dsae1rgwx83grnd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments