Back to skill
Skillv1.0.0
VirusTotal security
translate-manual · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:00 AM
- Hash
- 996d38c5a91e7901beb6ad6dc04f35c5f29e73970f9e8829e6ed7ba5795ffea4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: translate-manual Version: 1.0.0 The skill bundle provides legitimate DOCX translation and screenshot replacement functionality but contains high-risk instructions for the AI agent. Specifically, SKILL.md directs the agent to execute shell commands like 'pnpm dev' or 'npm run start:dev' to launch applications, which could lead to arbitrary code execution if the project directory contains malicious scripts. Additionally, translator.py retrieves API keys from environment variables and transmits document content to an external endpoint (api.deeplx.org), which is necessary for the stated purpose but involves handling sensitive credentials and data.
- External report
- View on VirusTotal