BluTranslate
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with file translation, but its workflow can send whole folders of documents to Bluente and may overwrite original files when saving results.
Before installing, confirm you are comfortable sending the selected documents to Bluente. Avoid choosing broad folders like the current directory unless you have reviewed the files. Do not save results into the same folder unless the script is changed to use safe, non-overwriting filenames, and remove any generated script that contains your API key.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Original documents could be overwritten by translated versions, causing accidental data loss.
If the output folder is the same as the source folder, the script saves the translated download with the original filename, which can replace the original file despite the wording that it will be saved next to the original.
"Same folder as source" ... "Save next to the originals" ... out_path = os.path.join(OUTPUT_DIR, filename) ... with open(out_path, "wb") as f: f.write(r.content)
Use non-overwriting output names such as adding a language suffix, check whether files already exist before writing, and ask for confirmation before replacing any file.
Private documents or spreadsheets in the selected folder may be sent to the translation provider.
The workflow uploads user-selected files, and potentially every matching document in a folder, to the Bluente API. This is expected for cloud translation, but it is a sensitive external data flow.
If the source path is a folder, find all translatable files in it (pdf, docx, pptx, xlsx, etc.) ... requests.post(f"{BASE}/upload?glossary=0&engine=3", headers=HEADERS, files={"file": f})Choose a narrow source folder, review the file list before upload, and confirm Bluente's privacy and retention terms for sensitive documents.
The API key may remain in a local script or chat context and could allow use of the user's Bluente account if exposed.
The skill asks for a Bluente API key and uses it in Authorization headers, which is necessary for the stated API integration, but the key is placed into a generated script.
"What is your Bluente API key?" ... API_KEY = "<API_KEY>" ... HEADERS = {"Authorization": f"Bearer {API_KEY}"}Use a temporary or least-privileged API key when possible, avoid sharing it in screenshots/logs, delete generated scripts containing the key, and revoke the key if it may have been exposed.
A locally generated script will access selected files and the network during translation.
The skill has no bundled code, but it directs the agent to generate and run local Python that reads files, makes network requests, and writes outputs. This is central to the stated workflow but should be visible to the user.
Write and execute a single Python script that handles the entire translation workflow for all files.
Review the generated Python before running it, run it from an appropriate working directory, and avoid granting access to folders that contain unrelated sensitive files.