Translate Image
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent image OCR/translation wrapper for TranslateImage, but it uploads images to an external service and uses an API key that the registry metadata does not fully declare.
Before installing, be comfortable with sending selected images to translateimage.io and with providing a TranslateImage API key. Avoid using it on sensitive screenshots, documents, or personal images unless the provider's privacy and retention policies are acceptable to you.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Images processed with this skill are sent to TranslateImage, so private or sensitive image contents may leave the user's device.
The skill explicitly uploads the user's image file to an external provider for processing. This is purpose-aligned and disclosed, but images may contain private documents, screenshots, or personal information.
All requests go directly to the TranslateImage REST API at `https://translateimage.io` using curl ... -F "image=@$IMAGE_PATH"
Use the skill only with images you are comfortable uploading to translateimage.io, and check the provider's privacy and retention terms for sensitive content.
Anyone with the API key could potentially use the user's TranslateImage account or quota.
The skill uses a bearer API key for the TranslateImage service. This is expected for an API-backed integration, and the artifacts do not show hardcoding or leaking the key.
export TRANSLATEIMAGE_API_KEY=your-api-key ... Authorization: Bearer $TRANSLATEIMAGE_API_KEY
Store the API key securely, avoid pasting it into shared logs or chats, and rotate it if it is exposed.
Users may not be warned by the registry that the skill needs an API key and local curl/python3 commands before they try to use it.
The skill's own frontmatter declares an API key and local binary dependencies, while the supplied registry requirement summary says no required env vars or binaries. This is an install-time metadata gap rather than hidden behavior.
requires:\n env:\n - TRANSLATEIMAGE_API_KEY\n bins:\n - curl\n - python3
Confirm the API key and local command requirements before installing or invoking the skill.