Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kilo CLI Coding Agent

v0.0.9

Run Kilo CLI via background process for programmatic control.

2 · 2.2k · 2 current · 4 all-time
by Code With Nathan (@codewithnathan97)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, required binaries (kilo, git, gh, tmux), and required env var (GITHUB_TOKEN) all align with a skill that runs Kilo CLI to review code, create PRs, and push changes. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs running Kilo CLI in background or tmux, cloning repositories into temp directories, using git worktrees, running npm install, and using gh to post PR comments—all within the claimed domain. It explicitly warns not to operate on the OpenClaw repo directly. The instructions do direct the agent to create/push commits and post comments, which matches the need for a GitHub token.
Install Mechanism
This is an instruction-only skill (no install spec). The document suggests installing @kilocode/cli via npm -g, which is a normal, explicit user action; nothing in the registry attempts to download or execute code automatically.
Credentials
Only GITHUB_TOKEN is required and it is the declared primary credential. That token will be used to create PRs, push commits, and post comments and therefore needs broad repo write privileges per the README/claw.json. This is proportionate to the skill's functionality but carries real risk if an over-privileged token is provided.
Persistence & Privilege
The skill does not set always:true and does not request persistent system modifications. It relies on the agent's ability to run background processes and use existing binaries, which is expected for this kind of automation.
Assessment
This skill is coherent with its purpose, but review it and take precautions before enabling it: only provide a GitHub token scoped to the minimum required permissions (prefer a machine/service account token rather than your personal token), avoid using it against sensitive or org-wide repos, test first in a disposable repo/clone, and review the Kilo CLI package and any global npm installs yourself. Remember that the skill's instructions will run git/gh commands that can commit, push, and post comments: grant privileges accordingly, and rotate or revoke the token if you stop using the skill.
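The Credentials and Assessment sections above both come down to one practical question: does the GITHUB_TOKEN you are about to hand this skill carry more than it needs? The following pre-flight check is an added example, not code from the skill, from Kilo CLI or from ClawHub. It reads the scopes GitHub reports for a classic personal access token in the x-oauth-scopes response header (obtained with a header-only request such as `curl -sI -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user`) and refuses tokens whose scopes exceed what pushing commits, opening PRs and posting comments require. The three header dumps and the `ALLOWED_SCOPES` list are constructed for the example; adjust the list to your own policy.

```shell
#!/bin/sh
# Added example (not part of the skill or the ClawHub page): a pre-flight
# check that reads the scopes GitHub reports for a classic personal access
# token and refuses tokens that carry more than this skill needs.
#
# Real input comes from a header-only request such as:
#   curl -sI -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user
# The three header dumps below are constructed stand-ins for that output.

OVERPRIVILEGED_HEADERS='HTTP/2 200
x-oauth-scopes: repo, workflow, admin:org, delete_repo
x-accepted-oauth-scopes:
x-ratelimit-limit: 5000'

MINIMAL_HEADERS='HTTP/2 200
x-oauth-scopes: repo
x-ratelimit-limit: 5000'

# Fine-grained PATs do not report classic scopes in this header at all.
FINE_GRAINED_HEADERS='HTTP/2 200
x-ratelimit-limit: 5000'

# Classic scopes this skill can justify: "repo" (or "public_repo" when only
# public repositories are involved) covers pushing commits, opening PRs and
# posting PR comments. Anything beyond that is excess for this skill.
ALLOWED_SCOPES="repo public_repo"

# Print the granted scopes, one per line, taken from the x-oauth-scopes header.
granted_scopes() {
    printf '%s\n' "$1" \
      | tr -d '\r' \
      | awk 'tolower($1) == "x-oauth-scopes:" { $1 = ""; print }' \
      | tr ',' '\n' | tr -d ' ' | grep -v '^$'
}

# Print the granted scopes that are not on the allowlist (nothing when clean).
excess_scopes() {
    granted_scopes "$1" | while IFS= read -r scope; do
        case " $ALLOWED_SCOPES " in
            *" $scope "*) ;;
            *) printf '%s\n' "$scope" ;;
        esac
    done
}

# Exit status: 0 = within the allowlist, 1 = over-privileged (excess scopes
# are printed to stderr), 2 = no x-oauth-scopes header, so this check cannot
# judge the token (fine-grained PAT or rejected token): inspect its
# per-repository permissions in the GitHub UI instead.
check_token_scopes() {
    if ! printf '%s\n' "$1" | tr -d '\r' | grep -qi '^x-oauth-scopes:'; then
        return 2
    fi
    excess=$(excess_scopes "$1")
    if [ -n "$excess" ]; then
        printf 'refusing token: excess scopes -> %s\n' \
            "$(printf '%s' "$excess" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# Stand-alone run over the constructed samples.
check_token_scopes "$OVERPRIVILEGED_HEADERS" || echo "over-privileged sample: rc=$?"
check_token_scopes "$MINIMAL_HEADERS" && echo "minimal sample: rc=0"
check_token_scopes "$FINE_GRAINED_HEADERS" || echo "fine-grained sample: rc=$?"
```

Run it against the real header dump before exporting GITHUB_TOKEN for the skill; an exit status of 1 means pick a narrower token (or a dedicated machine account), and 2 means the token is fine-grained and must be judged by its per-repository permissions rather than by this header.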


latest: vk974qezspyd38sdfqakqhx1ghn818vhd


Runtime requirements

Bin: kilo, git, gh, tmux
Env: GITHUB_TOKEN
Primary env: GITHUB_TOKEN
