Subtitle Translator
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says: translate user-provided SRT subtitle files through a user-specified LLM API, with the main risks clearly related to API-key handling and sending subtitle text to an external service.
Before installing or using this skill, confirm that you trust the API URL and any proxy configured in your environment. Do not use it for confidential subtitles unless you control or trust the LLM endpoint, and handle the API key carefully.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your LLM API key will be used by the script and sent to the API URL you provide.
The script requires an API key and sends it as a Bearer token to the configured API endpoint. This is expected for an LLM translation integration, but it is still sensitive credential handling.
parser.add_argument('--api-key', '-k', required=True, help='API key') ... 'Authorization': f'Bearer {api_key}'Use only trusted HTTPS API endpoints, prefer narrowly scoped or revocable API keys, and avoid storing keys in plaintext files.
Subtitle contents may be visible to the API provider or any configured proxy, which matters if the subtitles contain private or confidential material.
The skill discloses that subtitle text leaves the local environment and is sent to a user-specified external LLM-compatible API.
All subtitle content is sent to the API endpoint. Do not use with sensitive/confidential content unless you control the API
Use this only with subtitle files you are comfortable sending to the selected provider, and verify proxy settings before running it.