Kiro Cli Openclaw Bridge

Advisory

Audited by Static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Prompts sent through the bridge may cause Kiro tools to act inside the selected project directory.

Why it was flagged

The bridge can relay kiro-cli tool capabilities. The documentation scopes this to the chosen working directory and localhost, but tool actions may still modify project files or otherwise affect the local workspace.

Skill content
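The bridge passes through kiro-cli's built-in capabilities; all operations are confined to the project directory specified by `--cwd`. It is recommended to use it only in trusted project directories and to keep the service bound to localhost.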
Recommendation

Run the bridge only for trusted projects, keep it bound to 127.0.0.1, monitor tool actions, and stop the service when it is not needed.

What this means

Use of the bridge may consume or exercise privileges associated with the user's Kiro CLI account.

Why it was flagged

The bridge depends on a logged-in Kiro CLI session. This is expected for the integration, but it means bridge requests operate through the user's Kiro account.

Skill content
kiro-cli login
# Follow the prompts to complete login authentication and make sure it works normally
Recommendation

Use a trusted Kiro account/session, understand the Kiro terms and account scope, and avoid letting untrusted local clients send requests to the bridge.

What this means

Running an external binary or source checkout gives that code local execution access.

Why it was flagged

The skill is instruction-only and directs users to external release binaries or source code that were not included in the scanned artifact set.

Skill content
It is recommended to download the prebuilt binary from GitHub Releases (no Python environment required)... or build from source:
git clone https://github.com/LuoShiXi/kiro-cli-openclaw-bridge.git
Recommendation

Download only from the intended repository, verify releases or review source where possible, prefer pinned commits/checksums, and build in an isolated virtual environment.