Security audit

Kimi Code CLI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Kimi coding-CLI wrapper, but it needs review because its helper can turn crafted task or workdir text into unintended shell commands.

Install only if you trust the external kimi-cli package and are comfortable running a logged-in Kimi CLI against your code. Use a disposable or version-controlled workdir, avoid passing untrusted task text or paths into the helper, review all diffs, and kill background sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs an external CLI to create and modify files in user-specified working directories, including refactors and multi-file project generation, but it does not warn about overwriting files, unintended edits, or the need to isolate workspaces and back up data. In this context, omission of safety guidance materially increases the risk of accidental destructive changes, especially because the skill is designed for autonomous, long-running code tasks.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script directly interpolates untrusted user input into a shell command string: both the task and cwd values are embedded into a bash-style exec command without escaping or validation. Because the tool is explicitly designed to hand that command to OpenClaw for execution, a crafted task or working directory can break out of the intended quoting and inject arbitrary shell syntax, leading to command execution in the agent/runtime context.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.