Pilot Translate

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The translation workflow is coherent, but its setup recommends installing an unverified downloaded translator and may send message contents through third-party translation services.

Review the external translator installation before using this skill. Prefer a trusted, verified translation tool and avoid sending secrets, personal data, or confidential customer information through third-party translation services or to unverified agents.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

A user could install and later run a different or tampered executable than intended.

Why it was flagged

The setup downloads a translator from a shortened, unpinned URL, marks it executable, and installs it onto the system PATH without verification.

Skill content

wget git.io/trans
chmod +x ./trans
sudo mv trans /usr/local/bin/

Recommendation

Install translation tools from trusted package managers or official release pages, verify checksums or signatures, and avoid installing unverified downloads with sudo.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Message contents, including any sensitive business or customer details typed into messages, may be processed by a translation provider and shared with another agent.

Why it was flagged

The workflow pipes message text into an external translation tool and then sends the translated text to another agent over Pilot Protocol.

Skill content

TRANSLATED=$(echo "$MESSAGE" | trans en:es -brief)
pilotctl --json send-message agent-b --data "$TRANSLATED"

Recommendation

Use only approved translation providers, prefer self-hosted translation for sensitive data, and confirm the recipient agent before sending.

ASI10: Rogue Agents
Info
What this means

Future Pilot messages may continue to be auto-translated until the setting is disabled or changed.

Why it was flagged

The skill documents enabling a persistent auto-translation setting in Pilot configuration.

Skill content

pilotctl --json config --set auto-translate=true

Recommendation

Review Pilot configuration after use and disable auto-translation when it is no longer needed.