Skillv1.0.0

ClawScan security

Translate Book · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 28, 2026, 3:48 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's claimed purpose (chunked, parallel translation of ebooks) matches the files, scripts, and runtime instructions; it requests only local binaries (Calibre, Pandoc, Python) and no credentials, and there are no signs of hidden network exfiltration or unrelated capabilities.
Guidance: This skill appears coherent for translating ebooks, but consider these practical cautions before installing/using it: 1) Dependencies: install Calibre (ebook-convert), Pandoc, and Python3 (plus pypandoc) locally — the scripts call them via subprocess. 2) Data exposure: translation works by sending chunk text to sub-agents/LLM; do not use it on copyrighted, confidential, or sensitive documents you cannot send to an LLM. 3) Filesystem effects: the pipeline writes a {book_name}_temp/ directory in your current working directory and may create many output files—run it in a dedicated workspace and back up important data. 4) Review code if you require higher assurance: the included scripts are plain Python and call local binaries; if you need to confirm no unexpected network/IO behavior, inspect the scripts (convert.py, glossary.py, merge_and_build.py, calibre_html_publish.py) before running. 5) Minor metadata note: the manifest redundantly lists ebook-convert in both bins/anyBins, which is harmless but worth noting. If you are comfortable with these points, the skill is internally consistent with its stated purpose.

Review Dimensions

Purpose & Capability: okName/description, SKILL.md orchestration, and the included Python scripts (convert.py, glossary.py, merge_and_build.py, calibre_html_publish.py, etc.) all align with a book-translation pipeline. Required binaries (python3, pandoc, ebook-convert/Calibre) are appropriate. Minor redundancy: ebook-convert appears both in required bins and anyBins, but this is a benign metadata/detail issue.
Instruction Scope: noteSKILL.md instructs the agent to read a user-provided file path, convert it to Markdown chunks, build a glossary, spawn per-chunk sub-agents that receive chunk text and prompts, and write translated chunk outputs and metadata. This stays within the stated purpose. Important user-facing behavior: chunk contents are sent to LLM sub-agents (expected for translation), and the pipeline writes a <book>_temp/ working directory under the current cwd. The instructions do not ask the agent to scan arbitrary system files or exfiltrate data to external endpoints.
Install Mechanism: okThere is no remote install/download step in the skill manifest (instruction-only), and the repo includes local Python scripts. No URLs or download/extract install steps are present in the manifest. The runtime uses local binaries (Calibre, Pandoc) invoked by subprocesses; the code is local so install-time network fetch risk is low.
Credentials: okThe skill requests no environment variables or credentials. All operations are local (file I/O, subprocesses, spawning sub-agents). There are no declared secrets or unrelated service tokens.
Persistence & Privilege: okalways:false and no special persistence is requested. The skill requires allowed-tools (Read/Write/Bash/Agent/etc.), which lets it run local commands and spawn sub-agents — expected for a parallel translation pipeline. This combination increases blast radius if misused, but it is coherent with the skill's purpose and not excessive by itself.