Translate CLI
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: translate-cli Version: 0.2.0 The OpenClaw AgentSkills skill bundle for 'translate-cli' is benign. All files, including the SKILL.md and other documentation, describe the functionality of a command-line translation tool without any evidence of malicious intent. While the tool interacts with the file system, makes network requests to specified endpoints (including custom base URLs), and handles API keys, these are all legitimate and expected functionalities for its stated purpose. There are no signs of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the OpenClaw agent within the provided content.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a generated command is run with these flags, local files could be overwritten without another prompt.
The CLI guide documents file mutation and confirmation-skipping flags. These are relevant to translation workflows but can overwrite user files if used carelessly.
`-i, --in-place`: overwrite input file(s) in place ... `-y, --yes`: skip confirmations.
Review commands before running them, use `--dry-run` where possible, avoid `--in-place --yes` on important files or broad globs unless you have backups.
API keys may authorize paid provider usage and should be treated as secrets.
The skill documents use of provider credentials for OpenAI, Anthropic, and DeepL. This is expected for the stated provider-integration purpose.
`openai` ... credential: `OPENAI_API_KEY` (or `--api-key`, or config `providers.openai.api_key`)
Prefer environment variables or trusted local config, avoid pasting real API keys into chat, and scope/rotate keys according to provider guidance.
Sensitive documents could leave the local machine when using cloud or third-party endpoints.
The guide supports cloud and user-specified provider endpoints, so translated text or file contents may be sent to external services as part of normal operation.
default base URL: `https://api.openai.com` ... `https://api.anthropic.com` ... `openai-compatible` ... requires both base URL and model
Use local providers such as Ollama or trusted endpoints for sensitive material, and confirm the selected provider/base URL before translating private files.
Unexpected or untrusted config/prompt files could change provider choice, prompts, or output behavior in later commands.
Persistent config and prompt presets can store defaults and prompt templates that influence future translation runs.
Default: `~/.config/translate/config.toml` ... `[presets.markdown-custom]` ... `system_prompt_file = "prompts/system.txt"`
Review persistent TOML config and prompt files, especially before using shared presets or translating sensitive content.