Cuihua i18n Helper

This skill appears to do what it says — extract strings and manage locale files — but review a few things before you run it on a real repo: - Credentials: The documentation says it supports DeepL/Google/OpenAI/Azure, but the skill metadata declares no API keys. Expect the tool to ask you for provider keys at runtime or to attempt network calls; do not paste secrets into prompts without verifying where they are stored/used. - File writes: The tool will read your source tree and write/update locales/*.json and can auto-fix code. Run it first on a copy or in a branch so you can review changes. - Network behavior: Inspect the rest of i18n-helper.js (the truncated portion) for any outbound network calls or hard-coded endpoints before giving it network access. If it tries to call translation APIs, ensure you provide credentials via safe environment variables and not in a chat. - Least privilege: If you only need extraction, avoid enabling automatic translation or --fix until you confirm behavior. Prefer local/self-hosted providers (LibreTranslate) if you want to avoid sending strings to third-party services. What would change this assessment: seeing explicit code that contacts translation provider endpoints and where it expects API keys (or evidence that no provider integration exists). If the script includes clear, well-documented environment variable names for provider credentials and instructions on secure usage, the proportionality concern would be reduced.