Description

Kiro agentic IDE 开发工作流指南。使用 spec 驱动开发、hooks 自动化、steering 规则、MCP 集成和 powers 扩展。当用户需要：(1) 用 Kiro 创建/管理 specs，(2) 配置 hooks 自动化工作流，(3) 设置 steering 规则，(4) 连接 MCP...

README (SKILL.md)

Kiro 开发工作流

Name: Kiro
Author: pupuking723

概述

Kiro 是 Amazon 开发的 agentic IDE 和 CLI 工具，支持规格驱动开发（Spec-Driven Development）。本技能指导你使用 Kiro 的核心功能从原型快速迭代到生产。

核心能力：

Specs - 结构化规格文档，将需求拆解为详细实现计划
Hooks - 基于文件变化和开发事件的自动化触发器
Steering - 通过 markdown 文件定义自定义规则和项目上下文
MCP Servers - 通过 Model Context Protocol 连接外部工具和数据源
Powers - 按需扩展 agent 能力的领域特定知识和集成

快速开始

1. 安装 Kiro

IDE（桌面应用）：

访问 kiro.dev 下载
支持 macOS、Windows、Linux

CLI（命令行）：

# 安装 CLI（参考官方文档）
npm install -g @kiro/cli

2. 创建第一个 Spec

Spec 是 Kiro 的核心，用于结构化规划功能开发：

# 在项目根目录创建 spec
kiro spec create "用户认证系统"

Spec 标准结构（位于 .kiro/specs/）：

requirements.md - 需求定义和用户故事
design.md - 技术设计和架构
tasks.md - 实现任务清单

3. 配置 Steering

在项目根目录创建 .kiro/steering/ 目录，添加规则文件：

# .kiro/steering/project-rules.md
## 代码风格
- 使用 TypeScript 严格模式
- 函数不超过 50 行
- 所有公共 API 必须有 JSDoc

## 项目上下文
- 技术栈：Next.js 15 + TypeScript + Tailwind
- 部署目标：Vercel
- 数据库：Supabase

4. 设置 Hooks

Hooks 自动化重复任务，配置文件变化触发：

# .kiro/hooks.yaml
hooks:
  - name: auto-format
    trigger: file.save
    pattern: "*.ts"
    action: run "prettier --write {{file}}"
    
  - name: run-tests
    trigger: file.save
    pattern: "src/**/*.test.ts"
    action: run "npm test"

核心工作流

Spec 驱动开发流程

创建 Spec → 定义需求和验收标准
Review Spec → 与 Kiro agent 讨论完善
生成 Tasks → 自动拆解为实现任务
执行 Tasks → Agent 按任务逐步实现
验证验收 → 对照验收标准测试

使用 Agentic Chat

Kiro 的聊天功能理解整个项目上下文：

用户：帮我实现用户登录功能
Kiro：我看到你在 .kiro/specs/auth/requirements.md 中定义了登录需求。
     我将按照 spec 中的验收标准逐步实现：
     1. 创建登录表单组件
     2. 实现 Supabase 认证
     3. 添加错误处理
     4. 编写单元测试
     
     开始吗？

连接 MCP 服务器

MCP 允许 Kiro 访问外部工具和数据：

// .kiro/mcp.json
{
  "servers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    },
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem"],
      "options": {
        "allowedPaths": ["/Users/mac/.openclaw/workspace"]
      }
    }
  }
}

最佳实践

Spec 编写规范

好的 Spec 特征：

✅ 清晰的用户故事和验收标准
✅ 可测试的需求描述
✅ 技术实现细节分离到 design.md
✅ 任务拆解到可独立完成的粒度

避免：

❌ 模糊的需求描述（"提升性能"）
❌ 混合需求和实现细节
❌ 缺少验收标准

Steering 规则设计

有效规则：

## 错误处理
- 所有 async 函数必须用 try-catch 包裹
- API 错误必须返回标准格式：{ error: { code, message } }
- 禁止吞掉错误而不记录日志

无效规则：

## 代码质量
- 写好代码（过于模糊）
- 保持简洁（没有可操作标准）

Hooks 自动化策略

推荐 Hooks：

保存时自动格式化
提交前运行 lint
测试文件保存时运行测试
Spec 更新时同步任务状态

避免：

耗时操作（>5 秒）阻塞保存
依赖外部网络服务的同步操作

常见问题

Q: Spec 应该多详细？

A: 足够让另一个开发者理解需求并实现，但不包含具体代码实现。通常 2-5 页 markdown。

Q: 如何迁移现有 VS Code 项目？

A: Kiro 支持一键导入 VS Code 设置和扩展。首次启动时会提示迁移。

Q: MCP 服务器安全吗？

A: MCP 服务器在沙箱中运行，通过明确配置的允许路径访问资源。建议最小权限原则。

资源导航

官方文档

社区

参考文件：

references/spec-template.md - Spec 模板和示例
references/hooks-reference.md - Hooks 配置完整参考
references/mcp-servers.md - 可用 MCP 服务器列表

脚本工具：

scripts/create-spec.py - 快速创建标准结构 Spec
scripts/validate-hooks.py - 验证 hooks 配置语法

资产模板：

assets/steering-templates/ - 常用 steering 规则模板

Usage Guidance

This package is a documentation-driven workflow guide and a small helper script — overall coherent — but take these precautions before installing/using it: 1) Verify provenance: the SKILL.md claims Amazon involvement but the registry source/homepage are unknown; confirm upstream authenticity before trusting it. 2) Audit hooks: hooks can run arbitrary shell commands (including rm); inspect .kiro/hooks.yaml and any configured actions to ensure nothing destructive or exfiltrative will run. 3) Limit MCP scope: MCP filesystem servers grant file access; use minimal allowedPaths and avoid enabling filesystem servers pointed at broad directories. 4) Vet third‑party packages: the docs recommend running npx to launch MCP servers (third‑party npm packages). Review those packages' source and run them in a sandbox before granting production tokens. 5) Protect secrets: store tokens (GITHUB_TOKEN, DATABASE_URL, SLACK_BOT_TOKEN, etc.) securely (not committed to repo), provide least-privilege credentials, and rotate keys regularly. 6) Review create-spec.py before running; it is benign here but always verify scripts that will write to disk. If you need higher assurance, ask for or obtain an authoritative upstream repository/homepage and verify package provenance and maintainers.

Capability Analysis

Type: OpenClaw Skill Name: kiro Version: 1.0.0 The bundle provides a comprehensive guide and scaffolding tools for the 'Kiro' agentic IDE workflow, focusing on spec-driven development and automation. It contains a harmless Python script (scripts/create-spec.py) for generating markdown templates and extensive documentation (SKILL.md, references/) regarding hooks, steering rules, and Model Context Protocol (MCP) integrations. No evidence of malicious intent, data exfiltration, or prompt injection was found; the high-risk capabilities described (such as shell command execution via hooks) are standard features of the documented developer tool and are not exploited within the bundle.

Capability Assessment

✓ Purpose & Capability

Name, description, templates, hooks reference, MCP server docs, and the create-spec.py utility all align with a developer workflow / agentic IDE guide. The included files (spec templates, hooks reference, MCP servers reference) are appropriate for the stated purpose.

ℹ Instruction Scope

SKILL.md instructs use of hooks that execute arbitrary shell commands (run actions), file insert/replace, and examples that can remove files (rm). It also shows MCP configs that launch third-party servers via npx. These behaviors are expected for a dev automation tool but expand the agent's runtime capabilities (command execution, file writes/deletes). Review any hook actions and MCP server commands before enabling them.

✓ Install Mechanism

No install spec is provided (instruction-only) and the only code file is a small, readable Python script that generates spec files. The skill itself does not perform downloads or install artifacts during install. However the documentation recommends running npx for MCP servers and third‑party packages at runtime — which is normal for this architecture but worth auditing.

ℹ Credentials

The skill metadata does not declare required env vars, but the documentation and MCP examples reference common sensitive variables (GITHUB_TOKEN, DATABASE_URL, SLACK_BOT_TOKEN, BRAVE_API_KEY, etc.). Those env vars are reasonable for the integrations shown, but they are sensitive and users must provide them; the skill does not itself justify requesting broad credentials beyond the integrations it documents.

✓ Persistence & Privilege

Skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is allowed by default (platform norm) but not excessive here.

Version History

v1.0.0

kiro 1.0.0 - 首个发布版本 - 提供 Kiro agentic IDE / CLI 开发工作流的完整使用指南 - 介绍 spec 驱动开发、hooks 自动化、steering 规则、MCP 集成及 powers 扩展 - 包含规范化 spec 编写、自动化 hooks 配置、项目规则与上下文管理方法 - 指导 MCP 服务器配置及安全建议 - 附带常见问题、资源链接与常用脚本/模板说明

Metadata

Slug kiro

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Kiro?

Kiro agentic IDE 开发工作流指南。使用 spec 驱动开发、hooks 自动化、steering 规则、MCP 集成和 powers 扩展。当用户需要：(1) 用 Kiro 创建/管理 specs，(2) 配置 hooks 自动化工作流，(3) 设置 steering 规则，(4) 连接 MCP... It is an AI Agent Skill for Claude Code / OpenClaw, with 254 downloads so far.

How do I install Kiro?

Run "/install kiro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Kiro free?

Yes, Kiro is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Kiro support?

Kiro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Kiro?

It is built and maintained by pupuking723 (@pupuking723); the current version is v1.0.0.

More Skills

Kiro