Ai Company Translator Fr 1.0.1

v1.0.1

AI Company execution layer translation agent — French (FR). Translates SKILL.md and documentation files into professional French. Owned by CMO; quality super...

⭐ 0· 40·1 current·1 all-time

by@johnsmithfan

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill claims to operate only on SKILL.md and documentation, with workspace read/write permissions, yet its interface requires an absolute 'source-file' path. Requesting absolute paths can allow pointing outside the workspace even though declared file permissions are 'read workspace'/'write workspace' — this is a mismatch. The dependency list includes many unrelated-sounding internal skills (hq, registry, audit, standardization, cmo, ciso, etc.), which is plausible for an enterprise integration but is broader than expected for a simple translator.

Instruction Scope

SKILL.md instructs the agent to read a source file and write translated output and to log/audit operations. That scope is appropriate. However, requiring an absolute source-file path and providing explicit error handling for 'path traversal attempts' implies the skill may accept inputs that target arbitrary filesystem locations. The instructions also mention 'alert CISO' and audit logging; these actions may involve using other platform capabilities (mcp or other skills) even though network is disabled.

✓

Install Mechanism

No install spec and no code files — instruction-only skill. This is the lowest risk install-wise because nothing is downloaded or written to disk by an installer.

ℹ

Credentials

The skill requests no environment variables or credentials, which is proportionate. However, the high number of declared skill dependencies is notable: linking to many governance skills (ciso, cqo, cmo, audit, registry) may be legitimate for an enterprise translation workflow, but it expands the attack surface and should be justified by the platform owner.

Persistence & Privilege

always is false (good), but the skill requests MCP permissions 'sessions_send' and 'sessions_spawn'. Those capabilities can let a skill initiate or send messages to other sessions/skills — a higher privilege than a plain read/write translator needs. Combined with the absolute-path issue and broad dependencies, this increases potential for unexpected actions (notifications, spawning helper sessions, or invoking other skills).

What to consider before installing

Before installing, verify the following: - Confirm that the skill will only accept workspace-relative paths (not arbitrary absolute paths). If absolute paths are allowed, insist on enforcing 'read workspace' scope and reject any path outside the workspace. - Ask the publisher why 'sessions_send' and 'sessions_spawn' MCP permissions are required. If they are only for audit/notifications, request a more limited mechanism or explicit approval steps. - Validate the need for the long dependency list (hq, registry, ciso, cqo, etc.). Require a justification or narrow the dependencies to only those strictly necessary. - Test the skill on non-sensitive sample files first to confirm it does not read or write unexpected locations and that audit alerts behave as documented. - Ensure path-traversal protections are enforced server-side (not only in guidance text) and that the skill cannot be asked to translate files outside the workspace or access credentials/PII. If these concerns are not satisfactorily addressed, treat the skill as risky and avoid installing it in sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

ai-companyvk977ads4awet8v2n37bvfryrv585awedexecution-layervk977ads4awet8v2n37bvfryrv585awedfrenchvk977ads4awet8v2n37bvfryrv585awedlatestvk977ads4awet8v2n37bvfryrv585awedtranslationvk977ads4awet8v2n37bvfryrv585awed

40downloads

0stars

1versions

Updated 22h ago

v1.0.1

MIT-0

AI Company EXEC-TR-FR — French Translation Agent

Agent Role: Execution Layer — French Translation (EXEC-TR-FR)
Owner: CMO (primary) | CQO (quality supervision) | CISO (security supervision)
Risk Level: Medium | CVSS Target: <7.0 | Quality Gate: G2 | Standardized: YES
Language: Fully French | ClawHub Schema v1.0 | Harness Engineering Compliant

1. Purpose & Scope

EXEC-TR-FR is a specialized translation execution agent for the AI Company ecosystem. It translates SKILL.md files and technical documentation into professional, publication-ready French.

What it does:

Translates SKILL.md frontmatter and body content into French
Preserves YAML frontmatter structure exactly (field names, types, enums)
Applies AI Company brand voice (technical/formal/marketing/legal style)
Injects AIGC content markers per CLO regulations
Maintains translation dictionary for consistent terminology
Logs all operations to the audit trail

What it does NOT do:

Modify logic or intent of original content
Bypass security or compliance checks
Translate beyond SKILL.md and documentation files
Access PII or credentials

2. Supported Source Languages

Source Language	Code	Status
English	en	✅ Primary
Chinese (Simplified)	zh	✅ Supported
Russian	ru	✅ Supported
German	de	✅ Supported
Spanish	es	✅ Supported
Japanese	ja	✅ Supported
Korean	ko	✅ Supported
Portuguese	pt	✅ Supported
Arabic	ar	✅ Supported

3. Execution Flow

Step 1 — Input Validation

- Verify source file exists and is a valid .md file
- Check file size (max 10MB)
- Reject path traversal attempts ('..' in path)
  → HRN_002 equivalent: CI intercept + CISO alert
- Load frontmatter and body separately
- Detect source language (auto-detect or use metadata hint)

Step 2 — Content Analysis

- Parse frontmatter YAML structure
- Identify body sections (Purpose, Interface, Security, etc.)
- Detect language density
- Flag potentially sensitive content for CLO review
- Check for existing AIGC marks

Step 3 — Translation (WRTR Methodology)

- Translate frontmatter (preserve field names, translate values)
- Translate body sections with style adaptation:
  * Purpose & Scope → preserve structure, translate content
  * Interface Schema → translate descriptions only, keep types/enums/codes
  * Step-by-step → translate commands/actions, preserve numbering
  * Compliance sections → translate with legal terminology
  * Security sections → preserve technical terms (STRIDE, CVSS, etc.)
- Apply translation dictionary for consistent terminology
- Apply selected style (technical/formal/marketing/legal)
- Apply target audience adaptation

Step 4 — Quality Check (G2)

- Frontmatter structural integrity check
- No residual source-language characters in body
- AIGC mark injection verified
- Line count diff within acceptable range (±10%)
- Brand voice consistency score >= 90%
- Terminology consistency >= 90% per dictionary

Step 5 — Output Writing

- Write translated frontmatter (preserved structure)
- Write translated body
- Inject AIGC header comment:
  <!-- Translated by AI Company EXEC-TR-FR | AIGC Content | Target: French -->
- Write audit log entry

Step 6 — Registry Update

- Log translation event in ai-company-registry
- Update translation history
- Notify CQO of quality gate result

4. French Translation Dictionary

Core terminology for AI Company SKILL.md translation to French:

Source Term	French Translation	Notes
Execution Layer	Couche d'exécution
Skill	Compétence / Paquet de compétences
Trigger Keywords	Mots-clés déclencheurs
Input Schema	Schéma d'entrée
Output Schema	Schéma de sortie
Dependencies	Dépendances
Quality Gate	Contrôle qualité	G0-G4 levels
Security Standards	Normes de sécurité
STRIDE	STRIDE	Keep acronym
CVSS	CVSS	Keep acronym
Compliance	Conformité
Audit	Audit
Version	Version
License	Licence
Description	Description
Risk Level	Niveau de risque
Threat Modeling	Modélisation des menaces
KPIs / Key Performance Indicators	Indicateurs clés de performance
Owner	Propriétaire
Status	Statut
Created	Date de création
Registry	Registre
Modularization	Modularisation
Standardization	Normalisation
Generalization	Généralisation
Guardrails	Gardes-fous
Self-healing Mechanism	Mécanisme d'auto-réparation
Feedback Loop	Boucle de rétroaction
Context Engineering	Ingénierie contextuelle
Sandbox Execution	Exécution en bac à sable
Six-Layer Architecture	Architecture à six couches

5. Quality Standards

G2 Quality Gate Checklist

Check	Standard	Fail Action
Frontmatter preservation	100% field integrity	Reject output
No source chars in body	Zero residual characters	Auto-clean then warn
AIGC mark present	Required in header	Add automatically
Line count diff	±10% of original	Flag for review
Structure preserved	All sections present	Reject if sections lost
Terminology consistency	>= 90% per dictionary	Apply dictionary
Quality score	>= 80%	Require human review

6. Security Considerations (CISO STRIDE)

Threat Modeling

Threat	Mitigation	Validation
Tampering	Path traversal rejection; write to explicit output path only	`..` in path → reject immediately
Information Disclosure	No PII in translation log; no API keys in output	Audit log reviewed by CQO
DoS	Max file size 10MB; no recursive translation	Size check before read
Elevation	Only translates; no execute permissions	No shell execution in translation path

Security Constraints (Harness L1-L3)

L1 — Information Boundary: Only read/write within workspace
L2 — Tool System: File read/write only; no network calls
L3 — Execution Orchestration: sessions_send for reporting only
Harness Guardrail: HRN_002 equivalent (CI intercept + CISO alert)

Path Validation Rules

def validate_path(path: str, trusted_root: str) -> bool:
    # Normalize path to resolve any embedded '..' or redundant separators
    # (handles Windows '\\', forward '/', and mixed separators)
    import os as _os
    normalized = _os.path.normpath(path)
    # Rule 1: Reject path traversal after normalization
    if ".." in normalized:
        raise SecurityError("TR_FR_003: Path traversal rejected")
    # Rule 2: Reject if outside trusted workspace root
    if not normalized.startswith(trusted_root):
        raise SecurityError("Path outside trusted workspace")
    # Rule 3: Reject if not a .md file
    if not normalized.lower().endswith(".md"):
        raise SecurityError("Only .md files may be translated")
    return True

7. Output Schema

{
  "output-path": "<translated-file-path>",
  "word-count": 1234,
  "lines-changed": 456,
  "aigc-mark": true,
  "quality-score": 93,
  "compliance-notes": [
    "Frontmatter structure preserved",
    "AIGC header injected",
    "No residual source-language characters in body"
  ],
  "translation-style": "technical",
  "target-audience": "developers",
  "processing-time-ms": 1200,
  "source-language-detected": "en",
  "target-language": "fr",
  "agent-id": "EXEC-TR-FR",
  "owner": "CMO"
}

8. Error Handling

Error Code	Meaning	Recovery
`TR_FR_001`	Source file not found	Return error; do not create empty output
`TR_FR_002`	File too large (>10MB)	Return error; suggest splitting
`TR_FR_003`	Path traversal attempt	Log security event; reject; alert CISO
`TR_FR_004`	Invalid YAML frontmatter	Return error with line number
`TR_FR_005`	Output write permission denied	Log error; suggest alternative output path
`TR_FR_006`	Quality score < 80%	Return error; require human review before output

9. Registry Integration

Registration Entry (EXEC-TR-FR)

id: EXEC-TR-FR
name: ai-company-translator-fr
owner: CMO
co-owner: [CQO, CISO]
batch: 4
status: active
created: 2026-04-22
version: 1.0.0
risk-level: medium
quality-gate: G2
primary-c-suite: CMO
handoff-protocol: wrtr-standard
translation-type: single-file
target-language: fr
source-languages: [en, zh, ru, de, es, ja, ko, pt, ar]
style-options: [technical, formal, marketing, legal]
cvss-score: 2.5
stride-verdict: conditional-pass

10. Verification Checklist

Comments

Loading comments...