Cohere Translator
PassAudited by ClawScan on May 17, 2026.
Overview
This appears to be a coherent Cohere translation skill, but users should know it sends selected text or files to Cohere using their API key.
Install only if you are comfortable sending the files you translate to Cohere and using your Cohere API key/quota. Prefer environment-variable key setup, avoid translating highly sensitive documents unless permitted, and make sure curl is installed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Documents or text selected for translation will leave the local environment and be processed by Cohere.
The documentation shows that the text being translated is sent to Cohere's API. This is expected for the skill's purpose, but it is still an external data flow.
POST https://api.cohere.ai/v2/chat ... "content": "Translate everything that follows into Japanese:\n\n{text}"Only translate files you are allowed to share with Cohere, and review Cohere's privacy, retention, and usage terms for sensitive documents.
The API key can consume the user's Cohere quota or paid usage, and on some systems a key passed through command-line arguments may be briefly visible to local process-inspection tools.
The script uses the user's Cohere API key to authorize requests. This is purpose-aligned, but it is sensitive credential handling.
"--header", f"Authorization: bearer {api_key}",Prefer setting COHERE_API_KEY in a private environment, avoid pasting keys into shared logs or commands, and rotate the key if you suspect exposure.
The skill may fail on systems without curl, and users relying only on registry metadata may not notice the runtime dependency.
The visible code depends on curl, while the registry requirements list no required binaries. README discloses curl, so this is a metadata/install clarity issue rather than suspicious execution.
subprocess.run(
["curl", "-s", "--request", "POST", API_URL,Ensure curl is available before use; the publisher should declare curl as a required binary in metadata.