ClawHub

Kiro Intercom

v1.0.0

Enables communication between multiple Kiro instances by sharing and updating messages in a common chat file for coordinated interaction.

0· 221·0 current·0 all-time
by@sonerbo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the skill's sole capability is to coordinate multiple Kiro instances via a shared file (memory/kiro-chat.md). There are no unexpected env vars, binaries, or installs requested.
Instruction Scope
SKILL.md only tells the agent to append/read memory/kiro-chat.md and to follow a simple message format. That stays within the stated purpose, but the instructions are vague about how the file is shared across machines, how often to poll, and do not address concurrency, locking, or sanitization of sensitive content — giving the agent broad discretion that could lead to accidental data disclosure or race conditions.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest-risk distribution model and nothing written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested, which is proportional to a file-based chat approach. Note: using a shared file can still leak sensitive data if messages include secrets or the file is exposed to other users/processes.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not request elevated persistence or modify other skills' configs; autonomous invocation is allowed by default but not otherwise elevated here.
Assessment
Before installing, consider how memory/kiro-chat.md will actually be shared between your devices (network share, git, cloud storage, etc.) and whether that transport is authenticated and encrypted. Avoid putting secrets or sensitive user data into the chat file. Add file-locking or explicit concurrency controls to prevent message corruption and consider a retention/cleanup policy so private messages are not stored indefinitely. If you need authenticated, auditable, or secure cross-instance communication, prefer a purpose-built channel (secure API or message queue) rather than an unauthenticated shared file.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d9sekbaw206w52zrhmdmsm982akmc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments