pdf2zh-next翻译
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward PDF translation wrapper, but users should verify the external pdf2zh program and translation provider before using it with private documents.
Before installing, verify the pdf2zh-next executable source/path, review config.toml to understand the active provider, avoid cloud translation for confidential PDFs unless acceptable, keep any API keys scoped, and use specific input paths and reasonable worker counts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an unexpected or malicious executable with that name is on PATH, the skill could run it during translation.
The wrapper depends on an external pdf2zh executable that is not packaged in the skill; this is central to the stated purpose but makes the trustworthiness of the installed CLI important.
for name in ["pdf2zh_next", "pdf2zh-next", "pdf2zh"]:
path = shutil.which(name)
...
raise RuntimeError("pdf2zh CLI not found. Install pdf2zh-next first, or provide --exe-path.")Install pdf2zh-next from a trusted source and, if possible, provide a known absolute executable path.
If you add API keys, the configured provider account may be used and billed for translations.
The bundled configuration is designed to hold translation-provider credentials, though the included values are placeholders rather than hardcoded secrets.
openai_api_key = "null" ... deepseek_api_key = "null" ... azure_api_key = "null"
Use provider keys with limited scope where available, avoid storing unrelated credentials, and review provider billing/privacy settings.
Private PDF contents could be sent to a selected translation service as part of normal translation.
The configuration enables/selects translation services and includes cloud provider endpoints, so PDF text may be processed by the configured translation provider.
siliconflowfree = true ... aliyun_dashscope_base_url = "https://dashscope.aliyuncs.com/compatible-mode/v1" ... siliconflow_base_url = "https://api.siliconflow.cn/v1"
Confirm which provider is active before use, and avoid sending confidential documents to remote services unless that is acceptable.