Description

Kiro agentic IDE 开发工作流指南。使用 spec 驱动开发、hooks 自动化、steering 规则、MCP 集成和 powers 扩展。当用户需要：(1) 用 Kiro 创建/管理 specs，(2) 配置 hooks 自动化工作流，(3) 设置 steering 规则，(4) 连接 MCP...

README (SKILL.md)

Kiro 开发工作流

Name: Kiro Agentic IDE Guide
Author: xwz119

概述

Kiro 是 Amazon 开发的 agentic IDE 和 CLI 工具，支持规格驱动开发（Spec-Driven Development）。本技能指导你使用 Kiro 的核心功能从原型快速迭代到生产。

核心能力：

Specs - 结构化规格文档，将需求拆解为详细实现计划
Hooks - 基于文件变化和开发事件的自动化触发器
Steering - 通过 markdown 文件定义自定义规则和项目上下文
MCP Servers - 通过 Model Context Protocol 连接外部工具和数据源
Powers - 按需扩展 agent 能力的领域特定知识和集成

快速开始

1. 安装 Kiro

IDE（桌面应用）：

访问 kiro.dev 下载
支持 macOS、Windows、Linux

CLI（命令行）：

# 安装 CLI（参考官方文档）
npm install -g @kiro/cli

2. 创建第一个 Spec

Spec 是 Kiro 的核心，用于结构化规划功能开发：

# 在项目根目录创建 spec
kiro spec create "用户认证系统"

Spec 标准结构（位于 .kiro/specs/）：

requirements.md - 需求定义和用户故事
design.md - 技术设计和架构
tasks.md - 实现任务清单

3. 配置 Steering

在项目根目录创建 .kiro/steering/ 目录，添加规则文件：

# .kiro/steering/project-rules.md
## 代码风格
- 使用 TypeScript 严格模式
- 函数不超过 50 行
- 所有公共 API 必须有 JSDoc

## 项目上下文
- 技术栈：Next.js 15 + TypeScript + Tailwind
- 部署目标：Vercel
- 数据库：Supabase

4. 设置 Hooks

Hooks 自动化重复任务，配置文件变化触发：

# .kiro/hooks.yaml
hooks:
  - name: auto-format
    trigger: file.save
    pattern: "*.ts"
    action: run "prettier --write {{file}}"
    
  - name: run-tests
    trigger: file.save
    pattern: "src/**/*.test.ts"
    action: run "npm test"

核心工作流

Spec 驱动开发流程

创建 Spec → 定义需求和验收标准
Review Spec → 与 Kiro agent 讨论完善
生成 Tasks → 自动拆解为实现任务
执行 Tasks → Agent 按任务逐步实现
验证验收 → 对照验收标准测试

使用 Agentic Chat

Kiro 的聊天功能理解整个项目上下文：

用户：帮我实现用户登录功能
Kiro：我看到你在 .kiro/specs/auth/requirements.md 中定义了登录需求。
     我将按照 spec 中的验收标准逐步实现：
     1. 创建登录表单组件
     2. 实现 Supabase 认证
     3. 添加错误处理
     4. 编写单元测试
     
     开始吗？

连接 MCP 服务器

MCP 允许 Kiro 访问外部工具和数据：

// .kiro/mcp.json
{
  "servers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    },
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem"],
      "options": {
        "allowedPaths": ["/Users/mac/.openclaw/workspace"]
      }
    }
  }
}

最佳实践

Spec 编写规范

好的 Spec 特征：

✅ 清晰的用户故事和验收标准
✅ 可测试的需求描述
✅ 技术实现细节分离到 design.md
✅ 任务拆解到可独立完成的粒度

避免：

❌ 模糊的需求描述（"提升性能"）
❌ 混合需求和实现细节
❌ 缺少验收标准

Steering 规则设计

有效规则：

## 错误处理
- 所有 async 函数必须用 try-catch 包裹
- API 错误必须返回标准格式：{ error: { code, message } }
- 禁止吞掉错误而不记录日志

无效规则：

## 代码质量
- 写好代码（过于模糊）
- 保持简洁（没有可操作标准）

Hooks 自动化策略

推荐 Hooks：

保存时自动格式化
提交前运行 lint
测试文件保存时运行测试
Spec 更新时同步任务状态

避免：

耗时操作（>5 秒）阻塞保存
依赖外部网络服务的同步操作

常见问题

Q: Spec 应该多详细？

A: 足够让另一个开发者理解需求并实现，但不包含具体代码实现。通常 2-5 页 markdown。

Q: 如何迁移现有 VS Code 项目？

A: Kiro 支持一键导入 VS Code 设置和扩展。首次启动时会提示迁移。

Q: MCP 服务器安全吗？

A: MCP 服务器在沙箱中运行，通过明确配置的允许路径访问资源。建议最小权限原则。

资源导航

官方文档

社区

参考文件：

references/spec-template.md - Spec 模板和示例
references/hooks-reference.md - Hooks 配置完整参考
references/mcp-servers.md - 可用 MCP 服务器列表

脚本工具：

scripts/create-spec.py - 快速创建标准结构 Spec
scripts/validate-hooks.py - 验证 hooks 配置语法

资产模板：

assets/steering-templates/ - 常用 steering 规则模板

Usage Guidance

This skill appears to be an authored guide for an agentic IDE and includes a benign create-spec.py helper, but several things merit caution before installing or enabling it: - Provenance: the package metadata and _meta.json owner IDs mismatch and the skill has no homepage or source URL. Ask the publisher for a canonical source (GitHub repo or official docs) before trusting it. - Missing file referenced: SKILL.md lists scripts/validate-hooks.py, but that file is not included. Ask for the missing file or an explanation. - Review all hook and MCP configurations before enabling: hooks can run arbitrary shell commands and make network requests; MCP entries use npx to fetch and run packages. Only enable hooks/MCP servers you trust and inspect the commands/packages they will run. - Protect secrets: do not place sensitive tokens (GITHUB_TOKEN, DATABASE_URL, SLACK_WEBHOOK, etc.) in a project .env or mcp.json until you’ve verified the server implementation and limited allowedPaths/scopes. Use least-privilege tokens and rotate them after testing. - Limit filesystem scope: change allowedPaths to the smallest required directory (do not copy example paths verbatim). Confirm MCP filesystem servers cannot access your whole home directory. - Verify third-party packages: npx -y will install packages from npm on demand. If you enable third-party MCP servers, review their source code / npm package and prefer pinned, audited packages. If the publisher provides a trustworthy upstream repository and the missing files are supplied, many of the above concerns become manageable. Without that, treat the skill as potentially risky and review configs and tokens carefully before use.

Capability Analysis

Type: OpenClaw Skill Name: kiro-ide-guide Version: 1.0.0 The skill bundle is a legitimate documentation and utility set for the Kiro agentic IDE. It includes a safe Python helper script (scripts/create-spec.py) for generating project templates and detailed markdown guides for configuring hooks, steering rules, and MCP servers. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found; all high-risk capabilities mentioned (such as shell execution or environment variable usage) are contextually appropriate for developer tooling and are accompanied by security best practices.

Capability Assessment

ℹ Purpose & Capability

The skill's name/description (Kiro agentic IDE guide) matches the SKILL.md content and the provided create-spec.py helper. However there are small provenance/manifest inconsistencies: the registry metadata ownerId differs from _meta.json ownerId, the SKILL.md mentions a scripts/validate-hooks.py tool that is NOT present in the file manifest, and the source/homepage are unknown. Those mismatches reduce trust but do not by themselves indicate malicious intent.

⚠ Instruction Scope

The runtime instructions include many examples that permit executing arbitrary shell commands via hooks (action: run "...") and using MCP servers that launch packages via npx. Hook examples also show network calls (curl to webhooks, vercel deploys) and reference environment-variable substitution (e.g., ${GITHUB_TOKEN}, $SLACK_WEBHOOK). This is expected for a developer tool, but it gives broad capability to read/write files and call external services if users enable hooks/MCP servers without careful review. The SKILL.md also contains a filesystem allowedPaths example pointing to /Users/mac/.openclaw/workspace, which exposes a platform-specific path and could be misconfigured to allow broader FS access.

ℹ Install Mechanism

There is no install spec for the skill itself (instruction-only), which is low-risk. The documentation recommends installing/launching tooling via npm/npx (e.g., npm install -g @kiro/cli, npx -y @modelcontextprotocol/server-...), which is normal for JS tooling but carries moderate risk because npx may fetch and run arbitrary packages at runtime. The skill does not bundle or download additional code during install.

⚠ Credentials

The skill declares no required environment variables, yet the SKILL.md and references show many placeholders for sensitive credentials (GITHUB_TOKEN, DATABASE_URL, SLACK_BOT_TOKEN, BRAVE_API_KEY, GOOGLE_MAPS_API_KEY, WEATHER_API_KEY, etc.). That is expected for integrations, but the manifest does not list or restrict these, so a user might enable servers/hooks that cause secret exposure if they place tokens in project .env or pass them to MCP servers. Also the example allowedPaths includes a path to an OpenClaw workspace, which is oddly specific and could allow wider local file access if copied verbatim.

✓ Persistence & Privilege

The skill is not always-enabled (always:false) and does not request persistent system privileges. It is instruction-only with a small helper script that writes local spec files. The default platform behavior allowing agent invocation applies but is not, by itself, a new or unusual privilege for this skill.

Version History

v1.0.0

Initial release: Kiro spec-driven dev, hooks, steering, MCP integration, powers extension, full development workflow

Metadata

Slug kiro-ide-guide

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Kiro Agentic IDE Guide?

Kiro agentic IDE 开发工作流指南。使用 spec 驱动开发、hooks 自动化、steering 规则、MCP 集成和 powers 扩展。当用户需要：(1) 用 Kiro 创建/管理 specs，(2) 配置 hooks 自动化工作流，(3) 设置 steering 规则，(4) 连接 MCP... It is an AI Agent Skill for Claude Code / OpenClaw, with 88 downloads so far.

How do I install Kiro Agentic IDE Guide?

Run "/install kiro-ide-guide" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Kiro Agentic IDE Guide free?

Yes, Kiro Agentic IDE Guide is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Kiro Agentic IDE Guide support?

Kiro Agentic IDE Guide is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Kiro Agentic IDE Guide?

It is built and maintained by xwz119 (@xwz119); the current version is v1.0.0.

More Skills

Kiro Agentic IDE Guide