Ai Company Translation Layer 1.0.1
v1.0.1AI Company EXEC translation layer coordination hub. Orchestrates four specialized translation agents (EN/ZH/RU/FR) for SKILL.md and documentation files. Rout...
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with required capabilities: it needs file read/write and the ability to spawn translation sub-agents (sessions_spawn). No unrelated env vars, binaries, or install steps are requested.
Instruction Scope
Instructions stay within translation coordination (validate file, route, spawn sub-agent, aggregate). However the coordinator forwards workspace file contents to external sub-agents and instructs updating a registry—the SKILL.md does not constrain or verify the permissions/behaviour of those sub-agents. That creates a plausible information-disclosure path (sub-agents could exfiltrate or make network calls if they have permissions).
Install Mechanism
Instruction-only skill with no install spec or external downloads; lowest installation risk.
Credentials
No environment variables, credentials, or config paths are requested. File read/write permission is appropriate for translating local files.
Persistence & Privilege
always:false and normal invocation are fine. The skill requests mcp privileges (sessions_spawn, sessions_send) which are necessary for orchestration but are powerful; combined with the ability to update a registry and to spawn other skills, this raises privilege chaining concerns if sub-agents or registry APIs are less constrained.
What to consider before installing
This coordinator is coherent for routing translations, but before installing: (1) inspect the four referenced sub-agent skills (EXEC-TR-EN/ZH/RU/FR) and confirm each one's permissions (network, file access, env vars) and SKILL.md; (2) verify how 'update registry' is implemented and whether it can modify global agent settings; (3) prefer running on non-sensitive test files first to confirm audit/logging behavior; (4) ensure platform enforces the stated mitigations (no external network calls, path-traversal checks, audit logs) and consider restricting sessions_spawn or requiring human approval when handling sensitive documents. If you cannot review the sub-agents or registry API, treat this skill as higher-risk.Like a lobster shell, security has layers — review code before you run it.
ai-companyexecution-layerlatestorchestrationtranslation
AI Company EXEC Translation Layer — Coordinator (v1.0.0)
Agent Role: Execution Layer — Translation Coordination Hub (EXEC-TR-COORD)
Owner: CMO | Quality: CQO | Security: CISO
Risk Level: Medium | CVSS Target: <7.0 | Quality Gate: G2
Language: Fully English | ClawHub Schema v1.0 | Harness Engineering Compliant
1. Purpose & Scope
The Translation Layer Coordinator routes translation requests to the appropriate specialized translation agent (EXEC-TR-EN, EXEC-TR-ZH, EXEC-TR-RU, EXEC-TR-FR) based on the target language parameter.
Sub-Agents:
| Agent | Target Language | Role ID | Emoji |
|---|---|---|---|
| EXEC-TR-EN | English | EXEC-TR-EN | 🇬🇧 |
| EXEC-TR-ZH | Chinese (Simplified) | EXEC-TR-ZH | 🇨🇳 |
| EXEC-TR-RU | Russian | EXEC-TR-RU | 🇷🇺 |
| EXEC-TR-FR | French | EXEC-TR-FR | 🇫🇷 |
2. Routing Logic
Input: source-file + target-language + style + output-dir
Step 1: Validate source-file (exists, <10MB, no path traversal)
Step 2: Route to appropriate agent:
- target-language == 'en' → ai-company-translator-en-1.0.0
- target-language == 'zh' → ai-company-translator-zh-1.0.0
- target-language == 'ru' → ai-company-translator-ru-1.0.0
- target-language == 'fr' → ai-company-translator-fr-1.0.0
- target-language == 'auto' → detect source language, route accordingly
Step 3: Delegate to target agent via sessions_spawn (isolated)
Step 4: Aggregate results, update registry
Step 5: Return consolidated output
3. Registry Entries (All 4 Agents)
agents:
- id: EXEC-TR-EN
name: ai-company-translator-en
slug: ai-company-translator-en
version: 1.0.0
target-language: en
emoji: "🇬🇧"
status: active
owner: CMO
- id: EXEC-TR-ZH
name: ai-company-translator-zh
slug: ai-company-translator-zh
version: 1.0.0
target-language: zh
emoji: "🇨🇳"
status: active
owner: CMO
- id: EXEC-TR-RU
name: ai-company-translator-ru
slug: ai-company-translator-ru
version: 1.0.0
target-language: ru
emoji: "🇷🇺"
status: active
owner: CMO
- id: EXEC-TR-FR
name: ai-company-translator-fr
slug: ai-company-translator-fr
version: 1.0.0
target-language: fr
emoji: "🇫🇷"
status: active
owner: CMO
4. Verification Checklist
- ClawHub Schema v1.0 frontmatter
- No hardcoded paths
- 4 sub-agents registered
- Routing logic documented
- Harness Engineering compliant
- CISO STRIDE mitigations documented
- CQO G2 quality gate documented
Comments
Loading comments...
