KSE CLI Development Workflow

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: kse-dev
Version: 1.0.1

The skill bundle provides documentation and instructions for using the 'kiro-spec-engine' (kse) CLI tool for spec-driven development. The instructions in SKILL.md cover standard development workflows such as project initialization, document creation, and environment checks (kse doctor) without any evidence of malicious intent, data exfiltration, or prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package adds code to the user's system globally, so the user relies on the npm package being the intended and trustworthy CLI.

Why it was flagged

The workflow depends on installing a global npm package without a pinned version in the provided artifact. This is central to the CLI purpose, so it is a note rather than a concern, but it creates normal package-provenance and version-trust considerations.

Skill content

npm install -g kiro-spec-engine

Recommendation

Verify the npm package and maintainer before installing; consider pinning a known version or using a project-local install if appropriate.