Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

KiloCode

AI coding agent CLI tool for generating code from natural language, automating tasks, and running terminal commands. Use when user wants to perform coding ta...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 26 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to be a CLI tool ('kilo') that executes terminal commands, automates CI, and integrates with many AI providers, yet the package is instruction-only with no binary, no install spec, and no code. A real CLI would require an install step or bundled executable; that is missing here, so the declared purpose is not supported by the provided artifacts.
! Instruction Scope
SKILL.md instructs running the external 'kilo' CLI (interactive, non-interactive, and fully autonomous modes) and states the tool can read/write files, run commands, and interact with a browser. Those capabilities are broad and potentially sensitive; the instructions give no constraints, no safeguards, and include an '--auto' mode that runs without permission prompts. The document also references auth-profiles and external model providers but does not explain how credentials are supplied or used.
! Install Mechanism
There is no install specification and no code files. The SKILL.md references an external site (kilo.ai) and an external CLI but provides no download URLs, package manager instructions, or checksums. That makes the skill non-functional as packaged and raises provenance questions — it's unclear where a user would obtain the executable and whether it is trustworthy.
! Credentials
The document mentions provider auth-profiles and support for many models, which normally requires API keys or credentials, but requires.env lists nothing. The absence of declared environment variables or credential requirements is inconsistent with the stated integration behavior and hides what secrets would be needed or accessed.
Persistence & Privilege
The skill does not request permanent presence (always:false) and has default autonomous invocation allowed (platform default). That alone is acceptable. Note: the SKILL.md advertises a fully autonomous '--auto' mode — that is an operational risk if used in untrusted environments, but it is not a metadata privilege requested by the package itself.
What to consider before installing
This package is inconsistent: it claims to be a CLI that can run commands and use many model providers, but it includes no binary, no install instructions, and it declares no credentials. Before using or trusting this skill, ask the publisher for: (1) an official install method (package name or download URL) and a cryptographic checksum; (2) source code or a reproducible build so you can audit what the 'kilo' binary does; (3) a clear list of what credentials or auth-profiles are required and where they are stored; and (4) documentation about what '--auto' actually executes and safeguards for running in CI. Do not run an unknown 'kilo' binary or enable '--auto' in any environment containing secrets until you verify provenance. If the publisher cannot provide these, treat the skill as non-functional or potentially risky and avoid installing or invoking it.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Kilocode

Kilocode is an AI coding agent CLI tool that generates code from natural language, automates tasks, and runs terminal commands.

Basic Usage

Run in any project directory:

kilo

Non-interactive mode

Execute a single prompt without entering the interactive REPL:

kilo run '<prompt>'

Continue previous conversation:

kilo run --continue '<prompt>'

Fully autonomous mode (CI/CD, no prompts):

kilo run --auto '<prompt>'

Common Commands

Command                          Description
kilo                             Start interactive REPL
kilo run "prompt"                Execute single prompt
kilo run --continue "prompt"     Continue with previous context
kilo run --auto "prompt"         Autonomous mode (no permission prompts)
kilo --help                      Show help

Examples

Generate code

kilo run "Create a Python function to calculate fibonacci sequence with memoization"

Debug

kilo run "Fix the bug in index.js where the async function returns undefined"

Refactor

kilo run "Refactor the React component to use hooks instead of class"

Run terminal commands

kilo run "Run npm test and fix any failing tests"

CI/CD automation

kilo run --auto "Run linting, tests, and build the project"

Models

Kilocode supports 500+ AI models via the Kilo provider (configured in auth-profiles). Popular models:

  • Gemini 3.1 Pro (default, fast)
  • Claude 4.6 Sonnet & Opus (high quality)
  • GPT-5.2 (OpenAI)

Model selection is handled automatically based on provider configuration. There is no need to specify a model unless required.

Tips

  • Use the --auto flag only in trusted environments (CI/CD)
  • Provide clear, specific prompts for better results
  • Kilo can read and write files, run commands, and interact with a browser
  • Check kilo.ai for documentation and updates
