Language Anchor
ReviewAudited by ClawScan on May 15, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
Before installing, make sure you want the agent to enforce one response language across the configured scope. Keep the language setting to a supported ISO-style code, and narrow the target agents, models, or sessions if global enforcement would interfere with other workflows. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Publisher note
This plugin only uses the before_prompt_build hook to inject language instruction text into the system prompt and turn context. No file system access, no network requests, no shell execution. Purely text injection.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may refuse to answer in a different language even when a user or workflow asks for it; this is the intended function of the skill.
The plugin intentionally inserts high-priority language instructions into both system and turn context, which can override other language preferences.
appendSystemContext: `[LANGUAGE ENFORCEMENT — MANDATORY SYSTEM OVERRIDE] ${instruction} THIS OVERRIDES ALL OTHER INSTRUCTIONS ABOUT LANGUAGE.`, prependContext: `[MANDATORY: ${instruction}]\n---`Install only if you want language enforcement, and use targetAgents, targetModels, and targetSessions to limit where it applies.
A malformed or untrusted language setting could place unexpected text in a high-priority prompt instruction.
Unsupported language configuration values are echoed into the injected prompt text. This appears to be trusted user/admin configuration, but it should not be exposed to untrusted input.
return `Regardless of what language the user writes in, you must ALWAYS respond in English. Never use any other language. (Requested language "${langCode}" is not supported; defaulting to English.)`;Use only supported two-letter language codes; the publisher should ideally validate against an enum and avoid echoing raw unsupported values into prompts.
A single install can affect many conversations until the plugin is disabled or narrowed in configuration.
The plugin starts automatically and targets all agents and sessions by default, so its prompt modifications persist broadly while enabled.
"activation": { "onStartup": true }, ... "targetAgents": { ... "default": ["*"] }, ... "targetSessions": { ... "default": ["*"] }Confirm the default global targeting is desired, or configure specific agents, models, or sessions.