KSE CLI 开发工作流
Security checks across malware telemetry and agentic risk
Overview
This is a small KSE CLI workflow guide with no hidden behavior; the main caution is that it asks users to install an npm CLI globally.
Before installing, confirm that `kiro-spec-engine` is the intended npm package and consider using a pinned or project-local install. Run `kse` only inside the project you intend to modify and review any files it creates or changes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.