KiloCode
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a straightforward instruction-only skill for an external AI coding CLI, but users should notice that the CLI can edit files, run commands, use provider auth, and has an autonomous no-prompt mode.
Before installing or invoking this skill, make sure the `kilo` CLI comes from a trusted source, use it only in project directories where file edits and command execution are acceptable, avoid `--auto` unless you explicitly trust the environment, and verify which provider auth profile and model service will receive your coding prompts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the CLI could change project files, run terminal commands, or interact with browser workflows without step-by-step approval.
The skill discloses that the external CLI can perform broad local actions and has an optional mode that skips permission prompts. This is central to the coding-agent purpose, but it is high-impact if used in the wrong directory or environment.
`kilo run --auto '<prompt>'` ... `Autonomous mode (no permission prompts)` ... `Kilo can read and write files, run commands, and interact with browser`
Use interactive mode by default, reserve `--auto` for trusted CI/CD or disposable environments, and review generated changes before committing or deploying.
The safety of the actual CLI depends on the separately installed `kilo` tool, not on code included in this skill.
The skill contains only usage instructions and relies on an external `kilo` binary, but the registry metadata does not establish the binary's provenance or installation source.
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.
Install or use `kilo` only from a trusted source, verify its documentation, and avoid running an unexpected binary with the same name.
CLI runs may consume provider quota or operate under whichever credentials are configured in the local auth profile.
The CLI appears to use configured provider authentication profiles for model access. This is expected for an AI provider integration, but users should know which account or API credentials are configured.
Kilocode supports 500+ AI models via the Kilo provider (configured in auth-profiles).
Check the configured Kilo auth profile before use and avoid sharing prompts or project content through credentials you do not control.
A continued session may carry earlier instructions, assumptions, or sensitive context into a new task.
The skill documents a mode that reuses prior conversation context. That persistence is useful, but stale or untrusted prior context could influence later coding tasks.
`kilo run --continue '<prompt>'` ... `Continue with previous context`
Start a fresh session for unrelated or sensitive work, and use continuation only when the prior conversation is relevant and trusted.
Prompts, code snippets, or project context may be processed by the configured external AI provider.
The skill delegates work to an external AI coding provider/model configuration. This is purpose-aligned, but the artifact does not define provider-side data boundaries or what project context may be sent.
supports 500+ AI models via the Kilo provider ... Model selection is handled automatically based on provider configuration.
Confirm the provider configuration and data handling policy before using the CLI on private repositories, secrets, or regulated code.
