Kiro
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Kiro workflow guide, but users should carefully scope its optional hooks, MCP servers, credentials, and persistent steering rules.
Safe to consider as a Kiro workflow reference, but do not blindly enable every example. Review hooks before they run, avoid automatic production deploys unless intended, restrict MCP filesystem paths, use least-privilege credentials, and verify npm/npx packages and persistent steering rules.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured hook could run commands, change files, or deploy code automatically during normal development actions.
The hooks reference shows user-configurable automation that can run shell commands and deploy to production on a Git push. This is expected for a workflow-automation guide, but high-impact hooks should be reviewed and explicitly approved.
trigger: git.push branch: main action: run "vercel --prod"
Use hooks only for clearly understood tasks, avoid destructive commands, and require review for deploy or deletion workflows.
If broad tokens are configured, Kiro-connected tools may be able to read or modify repositories, databases, or workspace content.
The MCP examples use service credentials such as GitHub tokens, database URLs, and Slack bot tokens. These are purpose-aligned for integrations but can grant account or workspace authority.
"GITHUB_TOKEN": "${GITHUB_TOKEN}"
Use least-privilege tokens, limit repositories/workspaces, rotate credentials, and avoid sharing API keys.
External packages run as part of MCP setup could inherit the permissions and credentials granted to the integration.
The guide shows MCP servers launched through npx with automatic package acceptance. This is a common, purpose-aligned setup pattern, but users should verify package provenance and versions.
"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"]
Prefer trusted packages, pin versions where possible, and review MCP server permissions before enabling them.
Project rules may continue affecting future agent actions, including rules added by collaborators or copied from templates.
The skill describes persistent steering files that define custom rules and project context. This is core to Kiro, but persistent context can influence later agent behavior.
Steering - define custom rules and project context through markdown files
Review steering files before use, keep them project-scoped, and avoid treating unreviewed markdown as authoritative policy.
Enabled MCP servers may expose local files, repository data, database content, or workspace messages to the agent workflow.
The guide explicitly connects Kiro to MCP servers and external APIs. This is disclosed and purpose-aligned, but data boundaries depend on which servers and paths the user enables.
Model Context Protocol (MCP) allows Kiro to connect to external tools, APIs, and data sources
Enable only needed MCP servers, restrict allowed paths, and separate credentials by project or environment.
