Skill v1.0.0

ClawScan security

Kiro Intercom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 8:30 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent: it instructs agents to share messages by reading and appending a single file, and it does not request extra credentials or installs — but it is vague about how that file is actually synchronized and about safety/privacy considerations.
Guidance
Before installing, consider how memory/kiro-chat.md will actually be shared between your devices (network share, git, cloud storage, etc.) and whether that transport is authenticated and encrypted. Avoid putting secrets or sensitive user data into the chat file. Add file-locking or explicit concurrency controls to prevent message corruption and consider a retention/cleanup policy so private messages are not stored indefinitely. If you need authenticated, auditable, or secure cross-instance communication, prefer a purpose-built channel (secure API or message queue) rather than an unauthenticated shared file.

Review Dimensions

Purpose & Capability
[ok] Name/description match the instructions: the skill's sole capability is to coordinate multiple Kiro instances via a shared file (memory/kiro-chat.md). There are no unexpected env vars, binaries, or installs requested.
Instruction Scope
[note] SKILL.md only tells the agent to append/read memory/kiro-chat.md and to follow a simple message format. That stays within the stated purpose, but the instructions are vague about how the file is shared across machines, how often to poll, and do not address concurrency, locking, or sanitization of sensitive content — giving the agent broad discretion that could lead to accidental data disclosure or race conditions.
Install Mechanism
[ok] Instruction-only skill with no install spec or code files — lowest-risk distribution model and nothing written to disk by an installer.
Credentials
[ok] No environment variables, credentials, or config paths are requested, which is proportional to a file-based chat approach. Note: using a shared file can still leak sensitive data if messages include secrets or the file is exposed to other users/processes.
Persistence & Privilege
[ok] Skill is not always-enabled and is user-invocable. It does not request elevated persistence or modify other skills' configs; autonomous invocation is allowed by default but not otherwise elevated here.