ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Translation Layer 1.0.1

v1.0.1

AI Company EXEC translation layer coordination hub. Orchestrates four specialized translation agents (EN/ZH/RU/FR) for SKILL.md and documentation files. Rout...

0· 32·1 current·1 all-time
by@johnsmithfan
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with required capabilities: it needs file read/write and the ability to spawn translation sub-agents (sessions_spawn). No unrelated env vars, binaries, or install steps are requested.
!
Instruction Scope
Instructions stay within translation coordination (validate file, route, spawn sub-agent, aggregate). However the coordinator forwards workspace file contents to external sub-agents and instructs updating a registry—the SKILL.md does not constrain or verify the permissions/behaviour of those sub-agents. That creates a plausible information-disclosure path (sub-agents could exfiltrate or make network calls if they have permissions).
Install Mechanism
Instruction-only skill with no install spec or external downloads; lowest installation risk.
Credentials
No environment variables, credentials, or config paths are requested. File read/write permission is appropriate for translating local files.
Persistence & Privilege
always:false and normal invocation are fine. The skill requests mcp privileges (sessions_spawn, sessions_send) which are necessary for orchestration but are powerful; combined with the ability to update a registry and to spawn other skills, this raises privilege chaining concerns if sub-agents or registry APIs are less constrained.
What to consider before installing
This coordinator is coherent for routing translations, but before installing: (1) inspect the four referenced sub-agent skills (EXEC-TR-EN/ZH/RU/FR) and confirm each one's permissions (network, file access, env vars) and SKILL.md; (2) verify how 'update registry' is implemented and whether it can modify global agent settings; (3) prefer running on non-sensitive test files first to confirm audit/logging behavior; (4) ensure platform enforces the stated mitigations (no external network calls, path-traversal checks, audit logs) and consider restricting sessions_spawn or requiring human approval when handling sensitive documents. If you cannot review the sub-agents or registry API, treat this skill as higher-risk.

Like a lobster shell, security has layers — review code before you run it.

ai-companyvk97axhc3wjmzpaxmwkw0q6z4gx85bnsdexecution-layervk97axhc3wjmzpaxmwkw0q6z4gx85bnsdlatestvk97axhc3wjmzpaxmwkw0q6z4gx85bnsdorchestrationvk97axhc3wjmzpaxmwkw0q6z4gx85bnsdtranslationvk97axhc3wjmzpaxmwkw0q6z4gx85bnsd
32downloads
0stars
1versions
Updated 22h ago
v1.0.1
MIT-0
@johnsmithfan
ai-companyexecution-layerlatestorchestrationtranslation
Download

AI Company EXEC Translation Layer — Coordinator (v1.0.0)

Agent Role: Execution Layer — Translation Coordination Hub (EXEC-TR-COORD)
Owner: CMO | Quality: CQO | Security: CISO
Risk Level: Medium | CVSS Target: <7.0 | Quality Gate: G2
Language: Fully English | ClawHub Schema v1.0 | Harness Engineering Compliant

1. Purpose & Scope

The Translation Layer Coordinator routes translation requests to the appropriate specialized translation agent (EXEC-TR-EN, EXEC-TR-ZH, EXEC-TR-RU, EXEC-TR-FR) based on the target language parameter.

Sub-Agents:

AgentTarget LanguageRole IDEmoji
EXEC-TR-ENEnglishEXEC-TR-EN🇬🇧
EXEC-TR-ZHChinese (Simplified)EXEC-TR-ZH🇨🇳
EXEC-TR-RURussianEXEC-TR-RU🇷🇺
EXEC-TR-FRFrenchEXEC-TR-FR🇫🇷

2. Routing Logic

Input: source-file + target-language + style + output-dir

Step 1: Validate source-file (exists, <10MB, no path traversal)
Step 2: Route to appropriate agent:
  - target-language == 'en'  → ai-company-translator-en-1.0.0
  - target-language == 'zh'  → ai-company-translator-zh-1.0.0
  - target-language == 'ru'  → ai-company-translator-ru-1.0.0
  - target-language == 'fr'  → ai-company-translator-fr-1.0.0
  - target-language == 'auto' → detect source language, route accordingly
Step 3: Delegate to target agent via sessions_spawn (isolated)
Step 4: Aggregate results, update registry
Step 5: Return consolidated output

3. Registry Entries (All 4 Agents)

agents:
  - id: EXEC-TR-EN
    name: ai-company-translator-en
    slug: ai-company-translator-en
    version: 1.0.0
    target-language: en
    emoji: "🇬🇧"
    status: active
    owner: CMO

  - id: EXEC-TR-ZH
    name: ai-company-translator-zh
    slug: ai-company-translator-zh
    version: 1.0.0
    target-language: zh
    emoji: "🇨🇳"
    status: active
    owner: CMO

  - id: EXEC-TR-RU
    name: ai-company-translator-ru
    slug: ai-company-translator-ru
    version: 1.0.0
    target-language: ru
    emoji: "🇷🇺"
    status: active
    owner: CMO

  - id: EXEC-TR-FR
    name: ai-company-translator-fr
    slug: ai-company-translator-fr
    version: 1.0.0
    target-language: fr
    emoji: "🇫🇷"
    status: active
    owner: CMO

4. Verification Checklist

  • ClawHub Schema v1.0 frontmatter
  • No hardcoded paths
  • 4 sub-agents registered
  • Routing logic documented
  • Harness Engineering compliant
  • CISO STRIDE mitigations documented
  • CQO G2 quality gate documented

Comments

Loading comments...