Skill v1.0.0

ClawScan security

TranslateFlow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 2:38 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions mostly match a translation API, but the registry metadata omits required environment variables and the included script will post user email to an opaque third‑party endpoint and prints retrieved API keys to stderr — these inconsistencies and privacy/leakage risks warrant caution.
Guidance
Before installing, confirm you trust the endpoint (https://anton.vosscg.com) and the publisher — the package has no homepage/source listed. Be aware the skill will either (a) ask you to provide an API key or (b) POST your email to the service to obtain a key; it will print the key to stderr which may leak into logs. Ask the publisher to update the registry metadata to declare required env vars (TRANSLATEFLOW_API_KEY or TRANSLATEFLOW_EMAIL) and to avoid printing secrets to stderr. If you decide to use it, prefer providing an explicit API key (not an email for auto-signup), run it in an isolated environment, and verify the API base URL (TRANSLATEFLOW_API_URL) before setting it.

Review Dimensions

Purpose & Capability
concern: The skill claims to be a TranslateFlow API client (translation, tone, batch) and the script and SKILL.md call translation endpoints at https://anton.vosscg.com, which is coherent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential while the SKILL.md and scripts clearly require either TRANSLATEFLOW_API_KEY or TRANSLATEFLOW_EMAIL at runtime. This metadata/instruction mismatch is unexplained and reduces trust.
Instruction Scope
note: Runtime instructions and the provided script only call the service's endpoints (/v1/translate, /v1/translate/batch, /v1/keys, /v1/health) and do not attempt to read arbitrary local files or other credentials. That scope is appropriate for a translation client. Note: instructions recommend auto-signup by POSTing an email to the service, which will transmit the user's email to the remote host; this is within the skill's purpose but is a privacy consideration that should have been declared.
Install Mechanism
ok: No install spec is present (instruction-only). The only shipped code is a small shell script that calls the API. Nothing is downloaded or extracted at install time, which is low risk.
Credentials
concern: The runtime requires either TRANSLATEFLOW_API_KEY or TRANSLATEFLOW_EMAIL (and optionally TRANSLATEFLOW_API_URL) but the skill metadata lists no required env vars or primary credential — an incoherence. The script will send the provided email to an opaque domain to obtain an API key, and it prints the received API key to stderr (echo '✅ Free key: $API_KEY' >&2), which could expose keys in agent logs or monitoring. Requiring an email and returning/printing a key is plausible for signup, but the missing declaration and the stderr leak are concerning.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide configurations. Autonomous invocation is allowed (platform default) but is not a special risk here on its own.