Kiro is a DANGEROUS extension, even though it has nice functionality. Kiro is DANGEROUS because it opens huge security holes in your operating system and does deep file system scans of the user's account every 2 minutes. You cannot install it without giving it full file system access for the user's account. I uninstalled it as soon as I asked ClaudeCode to do a code scan and tell me about the functionality and security of the extension.
ClaudeCode warned me not to give this more privileges than ClaudeCode itself.
Kiro needs more fine-grained permissions.
Kiro's Actual Permission Requests
When the extension activates, it immediately checks ~/.claude.json and if bypassPermissionsModeAccepted is not true, it:
Opens a full-screen WebView panel titled "Claude Code Permission" showing a warning UI styled to look like Claude Code's own terminal warning.
Loops with a "Try Again / Uninstall" dialog until the user clicks Accept or uninstalls the extension.
On Accept: calls ConfigReader.setBypassPermission(true) which writes bypassPermissionsModeAccepted: true to ~/.claude.json.
All subsequent Claude invocations use: claude --permission-mode bypassPermissions "$(cat <promptFile>)"
// src/features/permission/configReader.ts
this.configPath = path.join(os.homedir(), '.claude.json');
// ...
config.bypassPermissionsModeAccepted = value;
await fs.promises.writeFile(this.configPath, JSON.stringify(config, null, 2), 'utf8');
// src/providers/claudeCodeProvider.ts
let command = `claude --permission-mode bypassPermissions "$(cat "${promptFilePath}")"`;
terminal.sendText(command, true);
Beyond this central permission, the extension also implicitly exercises:
Home directory read/write — ~/.claude.json, watched with fs.watchFile every 2 seconds
Workspace arbitrary file writes — agent MD files auto-copied to .claude/agents/kfc/ on every startup, with overwrite: true
Temp-file creation in VS Code global storage path
Terminal code execution — sends shell commands to the integrated terminal
External network request — GitHub API at startup