Skillv1.1.0

ClawScan security

Crazyrouter Translate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 1:07 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement a straightforward translation client, but there are mismatches between its manifest and runtime instructions (missing declared env var and Node dependency) and a prompt-injection pattern was detected in the SKILL.md — review before installing or giving keys.
Guidance: This skill appears to be a normal Crazyrouter-based translator, but before installing: 1) Verify the registry metadata mismatch — the SKILL.md and script require CRAZYROUTER_API_KEY (and Node) even though the registry lists none. 2) Only provide an API key you trust to send data to crazyrouter.com; consider creating a scoped/test key and review Crazyrouter's privacy policy. 3) Expect that any file you translate will be uploaded to Crazyrouter; avoid sending sensitive files. 4) Confirm Node is available in the runtime, or the script will fail. 5) Review the bundled scripts/main.mjs (you already have it) and consider running in a sandboxed environment and monitoring network calls if you want to be safe. 6) If you are unsure, ask the publisher for clarification on why the manifest omits the API key and node requirement before granting access.
Findings: [system-prompt-override] expected: The script builds a system-role message ('You are a professional translator...') and the SKILL.md references translation guidance; using a system message is expected for controlling model output in a translation skill. The scanner flagged a 'system-prompt-override' pattern in SKILL.md, which is plausible here but should be reviewed to confirm it isn't trying to override higher-level agent/system prompts inappropriately.

Review Dimensions

Purpose & Capability: concernThe stated purpose (translation via Crazyrouter) matches the code: the script sends text/files to Crazyrouter using a CRAZYROUTER_API_KEY. However the registry metadata claims no required environment variables or binaries, while both the SKILL.md and scripts/main.mjs require CRAZYROUTER_API_KEY and invocation via node. This metadata omission is inconsistent and could mislead users about what secrets and runtime support are needed.
Instruction Scope: noteSKILL.md instructs the agent to verify CRAZYROUTER_API_KEY and run the bundled Node script on user-provided text or files. The instructions and script do not attempt to read arbitrary system files or other credentials, but they will send any supplied file contents to the external Crazyrouter API. The SKILL.md and script include system-role/system-prompt style content for model guidance (expected for translation), but a prompt-injection pattern was detected in the SKILL.md — likely because the skill sets a system message for the model. This is plausible for translation but worth reviewing.
Install Mechanism: concernThere is no install spec (instruction-only), which is lower risk, but the skill includes an executable script that requires Node. The registry did not declare Node as a required binary. The lack of declared runtime dependency (node) is an inconsistency that could cause surprises when running the skill.
Credentials: concernThe code legitimately requires CRAZYROUTER_API_KEY (and optionally CRAZYROUTER_BASE_URL) to call the Crazyrouter API — this is proportionate to the described functionality. However, the registry metadata lists no required env vars, which is inconsistent. Also note that any file contents you provide will be transmitted to an external service (crazyrouter.com/v1), so consider privacy and data sensitivity before sending files.
Persistence & Privilege: okThe skill does not request persistent or elevated privileges (always is false, it doesn't modify other skills or system configs). Autonomous invocation is allowed by default but not an additional concern here by itself.