Baidu File Translate
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Baidu file-translation helper, but it relies on an external CLI, a Baidu API key, and sending selected documents to Baidu.
This skill appears purpose-aligned and safe to use for its stated task. Before installing or using it, verify the trans-cli package source, protect your TRANS_API_KEY, and only submit documents that your privacy or workplace rules allow you to send to Baidu.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Files submitted for translation may contain private content and will be handled by Baidu/trans-cli as part of the translation process.
The workflow sends a user-selected document to the Baidu translation service and receives a hosted URL for the translated file.
trans file submit <file> --from auto --to en --json ... "file_url": "https://..."
Only translate documents you are comfortable sending to Baidu, and treat returned file URLs as sensitive until they expire.
Anyone with access to the API key may be able to use the associated Baidu translation account or quota.
The skill requires a Baidu translation API key, which is expected for this integration but is still a sensitive account credential.
"requires":{"bins":["trans"],"env":["TRANS_API_KEY"]}
Store TRANS_API_KEY securely, avoid pasting it into chats or logs, and rotate it if it may have been exposed.
Installing or running the external CLI means trusting code outside this skill review.
The skill depends on an external npm-installed CLI, but the reviewed artifacts do not include that package's code or a pinned version.
"install":[{"id":"npm","kind":"npm","package":"@bdtrans/trans-cli","bins":["trans"]}]
Install trans-cli only from a trusted source, consider pinning/verifying the package version, and review the package separately if handling sensitive documents.
