ClawHub

Firm I18n Audit Pack

v1.0.0

Internationalization audit pack. Locale file scanning and missing translation key detection. 1 i18n tool.

0· 270·1 current·1 all-time
by@romainsantoli-web
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes an i18n audit tool (openclaw_i18n_audit) for scanning locale files, which is a coherent purpose, but the package declares no binaries, no code files, and no install spec that would provide that tool. That omission is disproportionate to the stated capability.
Instruction Scope
Runtime instructions are narrowly scoped (run openclaw_i18n_audit with a config_path and scan locale files). They correctly imply filesystem access to the provided config and locale files. The SKILL.md warns results are AI-generated and require human validation — which is appropriate.
!
Install Mechanism
This is an instruction-only skill with no install spec and no shipped code. The SKILL.md metadata references 'mcp-openclaw-extensions >= 3.0.0' but the top-level skill metadata does not provide an install or indicate how the openclaw_i18n_audit tool will be made available. That gap is a red flag: either the platform provides the extension (not documented here) or the skill is incomplete.
Credentials
The skill requests no environment variables, no credentials, and no config paths beyond the user-supplied config_path. This level of access is proportionate for a locale-file scanner.
Persistence & Privilege
The skill does not request always: true and uses normal invocation settings. It doesn't declare persistent or elevated privileges.
What to consider before installing
This skill's declared functionality (openclaw_i18n_audit) is reasonable for an i18n audit, but the package provides no binary, no code, and no install instructions that would supply that tool. Before installing or using it, ask the publisher or registry: (1) Where does openclaw_i18n_audit come from? Is it provided by the platform or by the referenced mcp-openclaw-extensions package? (2) Provide an explicit install spec or a link to the extension's trusted source (e.g., official registry or GitHub release). Also: run the tool in an isolated environment first, review the config.json you pass (it will be read from disk), and verify any third-party extension code (mcp-openclaw-extensions) for safety. If you cannot confirm where the tool comes from, treat the skill as incomplete and avoid granting it access to sensitive paths or running it on production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk974zc65cf9185wf6tenewcxd9823bjx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments