Kimi Code CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a legitimate Kimi coding-CLI wrapper, but its helper builds shell commands from raw task text without escaping, which could cause unintended command execution.
Install only if you trust the external kimi-cli package and are comfortable using a logged-in Kimi account. Run it in an isolated, pre-created workdir, review diffs before accepting changes, monitor or kill background sessions, and avoid generated commands that include unescaped quotes or shell metacharacters from the task prompt.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious task prompt could make the agent run unintended local shell commands with the user's permissions.
The helper places user-controlled task text and workdir text directly into a shell/exec command string without escaping. If the generated command is run, quotes or shell metacharacters in a task could alter the intended Kimi invocation.
cmd = f'''bash pty:true workdir:{workdir} timeout:{timeout} command:"kimi '{task}'"'''
Do not run generated commands containing unescaped user text. Update the helper to validate workdir values and pass prompts through safe argument handling, stdin, a temporary file, or robust shell quoting such as shlex.quote.
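As an added example (not code from the skill or from the report), the unquoted builder beside a hardened one, with shlex.split standing in for bash's tokenizer to show the argv kimi would actually receive. It quotes with the POSIX '\'' idiom instead of shlex.quote, because shlex.quote spells an embedded single quote with double quotes, which would collide with the command:"..." wrapper; that wrapper being a non-shell tool syntax, and the workdir allowlist, are assumptions.

```python
import re
import shlex

# Constructed sample prompt: ordinary English with two apostrophes, nothing
# adversarial. It is enough to break the helper's f-string quoting.
SAMPLE_TASK = "don't touch it's tests"
# Only plain path characters in the workdir token; anything else is rejected
# (assumption: the tool expects a bare path here, so it cannot be quoted).
_WORKDIR_RE = re.compile(r"^[A-Za-z0-9_./~-]+$")


def inner_unsafe(task: str) -> str:
    """The report's pattern: raw task text dropped between single quotes."""
    return f"kimi '{task}'"


def quote_single_only(s: str) -> str:
    """POSIX single-quote s using the '\\'' idiom for embedded quotes.
    shlex.quote is equivalent for bash but writes an embedded quote as
    '"'"', and a double quote would break the command:"..." wrapper."""
    return "'" + s.replace("'", "'\\''") + "'"


def inner_safe(task: str) -> str:
    return f"kimi {quote_single_only(task)}"


def argv_seen_by_bash(inner: str) -> list[str]:
    """Tokenize as bash would; raises ValueError on an unclosed quote."""
    return shlex.split(inner)


def build_command(task: str, workdir: str, timeout: int = 600) -> str:
    """Full tool invocation with the prompt quoted and the workdir checked.
    A task containing a double quote or newline cannot be made safe inside
    the wrapper, so it is refused; route such prompts through stdin or a
    temporary file instead (the report's other recommendations)."""
    if not _WORKDIR_RE.fullmatch(workdir):
        raise ValueError(f"workdir {workdir!r} is not a plain path")
    if '"' in task or "\n" in task:
        raise ValueError("task has a double quote or newline; use stdin or a file")
    return (f'bash pty:true workdir:{workdir} timeout:{timeout} '
            f'command:"{inner_safe(task)}"')


if __name__ == "__main__":
    print(argv_seen_by_bash(inner_unsafe(SAMPLE_TASK)))  # four mangled words
    print(argv_seen_by_bash(inner_safe(SAMPLE_TASK)))    # one intact prompt
    print(build_command(SAMPLE_TASK, "~/project"))
```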
The CLI may use the user's logged-in Kimi account while processing coding tasks.
The skill expects an authenticated Kimi CLI session. This is normal for a Kimi integration, but it means actions are performed using the user's Kimi account/session.
- Logged in: `kimi /login`
Use an account/session appropriate for the project, and avoid running it on confidential repositories unless Kimi's account and data-handling policies are acceptable.
Users depend on whatever version of the external kimi-cli package pip resolves at install time.
The documented setup installs an external package without a pinned version, while the artifact set provides no install spec or lockfile.
- Kimi Code CLI installed: `pip install kimi-cli`
Install from a trusted source, consider pinning a reviewed version in a virtual environment, and verify the package before use.
A background coding session can continue modifying files until it is completed or killed.
Interactive mode intentionally starts a background Kimi session for long-running work. The documentation also provides process log, submit, poll, and kill commands.
bash pty:true workdir:~/project background:true command:"kimi"
Use background mode only for tasks you intend to supervise; monitor the logs and explicitly kill sessions when finished.
A short portion of the task description may be included in an inter-agent/gateway notification.
The optional wake helper can send part of the task description through the OpenClaw gateway as a wake message.
wake_cmd = f'openclaw gateway wake --text "Kimi完成: {task_desc}" --mode now'
Avoid placing secrets in task descriptions, especially when using wake/notification features.
