ClawHub

i18ncheck

v1.0.2

Internationalization & localization readiness scanner -- detects hardcoded strings, missing translations, locale-sensitive formatting, RTL issues, string con...

0· 47·0 current·0 all-time
by@suhteevah
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, CLI commands in SKILL.md, and the shipped scripts (patterns.sh, analyzer.sh, i18ncheck.sh) all align: this is a local regex-based i18n scanner with hook/CI/watch/baseline features. The primaryEnv (I18NCHECK_LICENSE_KEY) is appropriate for tiered features. No unrelated cloud credentials or surprising capabilities are requested.
Instruction Scope
Runtime instructions are concrete and limited to local scanning, report generation, and installing lefthook pre-commit hooks. The code reads local config (~/.openclaw/openclaw.json), repo files (.i18ncheck-allowlist, .i18ncheck-baseline.json) and modifies repo lefthook.yml when installing hooks — all described in SKILL.md. I found no commands that exfiltrate data or hit external endpoints.
Install Mechanism
Install spec uses the official Homebrew formula 'lefthook' which is a reasonable, low-risk way to add the git-hook manager. Note: the install spec only lists a brew formula; while lefthook can also be installed via npm, the single brew entry may be less applicable on Windows without Homebrew installed (SKILL supports darwin/linux/win32). No arbitrary downloads or untrusted URLs are used.
Credentials
Declared primary credential I18NCHECK_LICENSE_KEY matches the license validation code. The scripts also optionally use tools/envars not listed as required (node, openssl) as fallbacks for parsing/crypto; these are optional and fall back to python3/jq. The license code also optionally reads CLAWHUB_JWT_SECRET for signature verification — this env var is unrelated to scanning itself but is optional and only used to verify JWT signatures if provided.
Persistence & Privilege
always:false and model invocation allowed (normal). The skill writes/edits repo-level lefthook.yml and runs lefthook install when installing hooks — this is expected for a pre-commit hook installer but it does modify repository config. It also reads the user's ~/.openclaw/openclaw.json (declared in metadata). No evidence the skill requires or changes other skills' configs or requests permanent platform-wide privileges.
Assessment
This skill appears to do what it claims: a local, regex-based i18n scanner with optional paid features gated by a JWT license key. Before installing: (1) be aware i18ncheck will modify/create lefthook.yml in your repo and run lefthook install when you run `i18ncheck hook install`; commit hooks will source the skill's scripts from the configured skill directory. (2) Pro/Team features require you to supply I18NCHECK_LICENSE_KEY (env var or ~/.openclaw/openclaw.json). (3) The scripts will try optional tools (node, openssl) if present — nothing malicious tied to those. If you want extra caution, inspect the scripts in SKILL_DIR/scripts/ before enabling hooks and consider running scans on a copy of your repo first.

Like a lobster shell, security has layers — review code before you run it.

latestvk976zvmmg5rtjq26hrxq0gjwr584tjxx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌍 Clawdis
OSmacOS · Linux · Windows
Binsgit, bash, python3, jq
Primary envI18NCHECK_LICENSE_KEY

Install

Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook

Comments