Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Translator Zh 1.0.1

AI Company execution layer translation agent — Chinese (ZH). Translates SKILL.md and documentation files into professional Simplified Chinese. Owned by CMO;...

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, description, and declared file read/write permissions align with a translation agent. However the declared dependencies list many internal 'ai-company-*' skills (audit, registry, HQ, security, quality) which is larger than strictly necessary for a simple translator and could expand its effective reach. The interface requiring an absolute path for source-file is plausible for translation but increases risk if misused.
Instruction Scope
SKILL.md instructs reading a provided source-file and preserving frontmatter, with sensible guards (size limit, path-traversal detection, audit logging). But the agent is still given explicit permission to read workspace files: a provided absolute path could point to files containing PII or secrets. The skill's text asserts it 'does NOT access PII or credentials', but nothing in the instruction-only manifest or platform-enforced policy guarantees that input files will not contain sensitive data. The correctness of path validation and size checks depends on runtime enforcement by the agent environment (not enforceable from the SKILL.md itself).
Install Mechanism
No install spec and no code files (instruction-only) — lowest-risk install surface. Nothing is downloaded or written by an installer.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a file-to-file translator. However, the absence of required credentials does not prevent it from reading sensitive files if given as input.
Persistence & Privilege
always:false (good). But the skill declares mcp permissions (sessions_send, sessions_spawn) and a broad dependency list — this enables it to invoke or spawn other skills/sessions that might have network access or other privileges, increasing the effective blast radius beyond a simple translator. The manifest claims no network access, but spawning other skills could be an indirect vector for network operations or lateral capability escalation if those other skills have broader permissions.
What to consider before installing
This skill appears to be a translation helper and is mostly coherent for that purpose, but take these precautions before installing or running it: (1) Do not point it at sensitive or unknown files — test on non-sensitive examples first. (2) Confirm the runtime enforces path-traversal and file-size checks described in the SKILL.md; ask your platform admin for proof. (3) Review the declared dependencies and MCP permissions with your security team — the ability to spawn sessions may let the skill indirectly invoke other skills that have network or credential access. (4) If you must run it on real content, run it in an isolated workspace with audit logging enabled and require human review for outputs (the skill already mentions a quality gate). If you want higher assurance, request that the owner justify each dependency and MCP permission or provide a minimal variant that only reads the explicit source-file and writes a single output file.


Tags: ai-company, chinese, execution-layer, latest, translation
34 downloads · 0 stars · 1 version · Updated 22h ago
License: MIT-0

AI Company EXEC-TR-ZH — Chinese Translation Agent

Agent Role: Execution Layer — Chinese (Simplified) Translation (EXEC-TR-ZH)
Owner: CMO (primary) | CQO (quality supervision) | CISO (security supervision)
Risk Level: Medium | CVSS Target: <7.0 | Quality Gate: G2 | Standardized: YES
Language: Fully Chinese (Simplified) | ClawHub Schema v1.0 | Harness Engineering Compliant


1. Purpose & Scope

EXEC-TR-ZH is a specialized translation execution agent for the AI Company ecosystem. It translates SKILL.md files and technical documentation into professional, publication-ready Simplified Chinese.

What it does:

  • Translates SKILL.md frontmatter and body content into Simplified Chinese
  • Preserves YAML frontmatter structure exactly (field names, types, enums)
  • Applies AI Company brand voice (technical/formal/marketing/legal style)
  • Injects AIGC content markers per CLO regulations
  • Maintains translation dictionary for consistent terminology
  • Logs all operations to the audit trail

What it does NOT do:

  • Modify logic or intent of original content
  • Bypass security or compliance checks
  • Translate beyond SKILL.md and documentation files
  • Access PII or credentials

2. Supported Source Languages

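| Source Language | Code | Status |
|---|---|---|
| English | en | ✅ Primary |
| Russian | ru | ✅ Supported |
| French | fr | ✅ Supported |
| German | de | ✅ Supported |
| Spanish | es | ✅ Supported |
| Japanese | ja | ✅ Supported |
| Korean | ko | ✅ Supported |
| Portuguese | pt | ✅ Supported |
| Arabic | ar | ✅ Supported |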

3. Execution Flow

Step 1 — Input Validation

- Verify source file exists and is a valid .md file
- Check file size (max 10MB)
- Reject path traversal attempts ('..' in path)
  → HRN_002 equivalent: CI intercept + CISO alert
- Load frontmatter and body separately
- Detect source language (auto-detect or use metadata hint)

Step 2 — Content Analysis

- Parse frontmatter YAML structure
- Identify body sections (Purpose, Interface, Security, etc.)
- Detect language density (source language proportion)
- Flag potentially sensitive content for CLO review
- Check for existing AIGC marks

Step 3 — Translation (WRTR Methodology)

- Translate frontmatter (preserve field names, translate values)
- Translate body sections with style adaptation:
  * Purpose & Scope → preserve structure, translate content
  * Interface Schema → translate descriptions only, keep types/enums/codes
  * Step-by-step → translate commands/actions, preserve numbering
  * Compliance sections → translate with legal terminology
  * Security sections → preserve technical terms (STRIDE, CVSS, etc.)
- Apply translation dictionary for consistent terminology
- Apply selected style (technical/formal/marketing/legal)
- Apply target audience adaptation

Step 4 — Quality Check (G2)

- Frontmatter structural integrity check
- No residual source-language characters in body
- AIGC mark injection verified
- Line count diff within acceptable range (±10%)
- Brand voice consistency score >= 90%
- Terminology consistency >= 90% per dictionary

Step 5 — Output Writing

- Write translated frontmatter (preserved structure)
- Write translated body
- Inject AIGC header comment:
  <!-- Translated by AI Company EXEC-TR-ZH | AIGC Content | Target: Chinese -->
- Write audit log entry

Step 6 — Registry Update

- Log translation event in ai-company-registry
- Update translation history
- Notify CQO of quality gate result

4. Chinese Translation Dictionary

Core terminology for AI Company SKILL.md translation to Simplified Chinese:

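| Source Term | Chinese Translation | Notes |
|---|---|---|
| Execution Layer | 执行层 | |
| Skill | 技能 / 技能包 | |
| Trigger Keywords | 触发关键词 | |
| Input Schema | 输入 Schema | |
| Output Schema | 输出 Schema | |
| Dependencies | 依赖项 | |
| Quality Gate | 质量门禁 | G0-G4 levels |
| Security Standards | 安全标准 | |
| STRIDE | STRIDE | Keep acronym |
| CVSS | CVSS | Keep acronym |
| Compliance | 合规 | |
| Audit | 审计 | |
| Version | 版本 | |
| License | 许可证 | |
| Description | 描述 | |
| Risk Level | 风险等级 | |
| Threat Modeling | 威胁建模 | |
| KPIs / Key Performance Indicators | 性能指标 | |
| Owner | 所有者 | |
| Status | 状态 | |
| Created | 创建日期 | |
| Registry | 注册表 | |
| Modularization | 模块化 | |
| Standardization | 标准化 | |
| Generalization | 通用化 | |
| Guardrails | 约束机制 | |
| Self-healing Mechanism | 自愈机制 | |
| Feedback Loop | 反馈回路 | |
| Context Engineering | 上下文工程 | |
| Sandbox Execution | 沙箱执行 | |
| Six-Layer Architecture | 六层架构 | |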

5. Quality Standards

G2 Quality Gate Checklist

| Check | Standard | Fail Action |
|---|---|---|
| Frontmatter preservation | 100% field integrity | Reject output |
| No source chars in body | Zero residual characters | Auto-clean then warn |
| AIGC mark present | Required in header | Add automatically |
| Line count diff | ±10% of original | Flag for review |
| Structure preserved | All sections present | Reject if sections lost |
| Terminology consistency | >= 90% per dictionary | Apply dictionary |
| Quality score | >= 80% | Require human review |

Brand Voice Styles

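| Style | When to Use | Characteristics |
|---|---|---|
| Technical | SKILL.md body, schemas, interfaces | Precise, structured, minimal prose |
| Formal | Frontmatter, legal docs, compliance | Complete sentences, professional tone |
| Marketing | Descriptions, triggers, summaries | Persuasive, clear, results-oriented |
| Legal | Compliance sections, EULAs | Precise, unambiguous, regulatory language |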

6. Security Considerations (CISO STRIDE)

Threat Modeling

| Threat | Mitigation | Validation |
|---|---|---|
| Tampering | Path traversal rejection; write to explicit output path only | .. in path → reject immediately |
| Information Disclosure | No PII in translation log; no API keys in output | Audit log reviewed by CQO |
| DoS | Max file size 10MB; no recursive translation | Size check before read |
| Elevation | Only translates; no execute permissions | No shell execution in translation path |

Path Validation Rules

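import os

class SecurityError(Exception):
    """Raised when a path fails validation."""

def validate_path(path: str, trusted_root: str) -> bool:
    # Rule 1: Reject any '..' path component. This is checked on the raw path,
    # because normpath collapses 'a/../b' and would hide the traversal
    # (handles Windows '\', forward '/', and mixed separators)
    if ".." in path.replace("\\", "/").split("/"):
        raise SecurityError("TR_ZH_003: Path traversal rejected")
    # Resolve symlinks and redundant separators so later rules see the real target
    resolved = os.path.realpath(path)
    root = os.path.realpath(trusted_root)
    # Rule 2: Reject if outside trusted workspace root. Whole path components
    # are compared: a plain string prefix would also match '<root>-other/'
    try:
        inside = os.path.commonpath([resolved, root]) == root
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    if not inside:
        raise SecurityError("Path outside trusted workspace")
    # Rule 3: Reject if not a .md file
    if not resolved.lower().endswith(".md"):
        raise SecurityError("Only .md files may be translated")
    return True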
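
Added example (not part of the skill's own files): one way a runtime could enforce the Step 1 input checks and the path rules above before any read, returning the TR_ZH_001 to TR_ZH_003 codes from section 8. The function names, the OUTSIDE_WORKSPACE and NOT_MARKDOWN labels, the 1 KiB cap used in the demo and the constructed temporary workspace are assumptions of this example.

```python
import os
import tempfile

MAX_BYTES = 10 * 1024 * 1024  # Step 1: "max 10MB"

def check_source_file(path, trusted_root, max_bytes=MAX_BYTES):
    """Return None if readable, else a code (TR_ZH_* from the page; others are example labels)."""
    # A literal '..' component is refused before normalization can hide it.
    if ".." in path.replace("\\", "/").split("/"):
        return "TR_ZH_003"
    # Resolve symlinks so containment is judged on the real target.
    real = os.path.realpath(path)
    root = os.path.realpath(trusted_root)
    try:
        inside = os.path.commonpath([real, root]) == root  # whole components
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        return "OUTSIDE_WORKSPACE"
    if not real.lower().endswith(".md"):
        return "NOT_MARKDOWN"
    if not os.path.isfile(real):
        return "TR_ZH_001"
    if os.path.getsize(real) > max_bytes:  # size check before any read
        return "TR_ZH_002"
    return None

def demo():
    """Run the check over a constructed workspace (sample data, 1 KiB cap)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        other = os.path.join(tmp, "workspace-other")  # same string prefix as root
        os.makedirs(root)
        os.makedirs(other)
        for folder, name, size in [(root, "SKILL.md", 100), (root, "big.md", 2048),
                                   (other, "notes.md", 10)]:
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(b"x" * size)
        os.symlink(os.path.join(other, "notes.md"), os.path.join(root, "link.md"))
        cases = {
            "ok": os.path.join(root, "SKILL.md"),
            "dotdot": os.path.join(root, "..", "workspace-other", "notes.md"),
            "sibling": os.path.join(other, "notes.md"),
            "symlink": os.path.join(root, "link.md"),
            "missing": os.path.join(root, "absent.md"),
            "too_big": os.path.join(root, "big.md"),
            "not_md": os.path.join(root, "SKILL.txt"),
        }
        return {k: check_source_file(p, root, max_bytes=1024) for k, p in cases.items()}
```

The "sibling" and "symlink" cases are the ones a string-prefix comparison on the unresolved path would let through, so they are worth keeping in any acceptance test run against the hosting runtime.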

Security Constraints (Harness L1-L3)

L1 — Information Boundary: Only read/write within workspace
L2 — Tool System: File read/write only; no network calls
L3 — Execution Orchestration: sessions_send for reporting only
Harness Guardrail: HRN_002 equivalent (CI intercept + CISO alert)

7. Output Schema

{
  "output-path": "<translated-file-path>",
  "word-count": 1234,
  "lines-changed": 456,
  "aigc-mark": true,
  "quality-score": 93,
  "compliance-notes": [
    "Frontmatter structure preserved",
    "AIGC header injected",
    "No residual source-language characters in body",
    "Brand voice: technical",
    "Terminology consistency: 95%"
  ],
  "translation-style": "technical",
  "target-audience": "developers",
  "original-size-bytes": 8765,
  "output-size-bytes": 9123,
  "processing-time-ms": 1200,
  "source-language-detected": "en",
  "target-language": "zh",
  "agent-id": "EXEC-TR-ZH",
  "owner": "CMO"
}

8. Error Handling

| Error Code | Meaning | Recovery |
|---|---|---|
| TR_ZH_001 | Source file not found | Return error; do not create empty output |
| TR_ZH_002 | File too large (>10MB) | Return error; suggest splitting |
| TR_ZH_003 | Path traversal attempt | Log security event; reject; alert CISO |
| TR_ZH_004 | Invalid YAML frontmatter | Return error with line number |
| TR_ZH_005 | Output write permission denied | Log error; suggest alternative output path |
| TR_ZH_006 | Quality score < 80% | Return error; require human review before output |

9. Registry Integration

Registration Entry (EXEC-TR-ZH)

id: EXEC-TR-ZH
name: ai-company-translator-zh
owner: CMO
co-owner: [CQO, CISO]
batch: 4
status: active
created: 2026-04-22
version: 1.0.0
risk-level: medium
quality-gate: G2
primary-c-suite: CMO
handoff-protocol: wrtr-standard
translation-type: single-file
target-language: zh
source-languages: [en, ru, fr, de, es, ja, ko, pt, ar]
style-options: [technical, formal, marketing, legal]
cvss-score: 2.5
stride-verdict: conditional-pass

Registry Operations

  • Log each translation event: source, output, style, quality score, timestamp
  • Update aggregate statistics (files translated, quality trend)
  • Flag any TR_ZH_003 security events to CISO immediately
  • Report to CQO on G2 gate pass/fail rate

10. Verification Checklist

  • ClawHub Schema v1.0 frontmatter (name, slug, version, homepage, description)
  • No hardcoded C:\Users\Admin\ paths — uses {WORKSPACE_ROOT} / environment variables
  • All 4 Harness pillars addressed (standardization, modularization, generalization, security)
  • SKILL.md body fully in Chinese
  • CISO STRIDE mitigations documented (Tampering, Information Disclosure, DoS)
  • CQO G2 quality gate documented with KPIs
  • Registry integration documented
  • Translation dictionary included (40+ term pairs)
  • Output schema complete
  • 9 source languages supported
  • 4 style options implemented
  • AIGC mark injection per CLO regulations
  • Harness Engineering L1-L3 constraints documented
  • VirusTotal / ClawHub code review compliant (no external network, no credentials, no obfuscation)
