ClawHub

xdoc-translationx

v1.0.0

Translate documents and text between multiple languages with support for glossaries, translation memory, and various file formats via Xdoc Translation API.

0· 96·0 current·0 all-time
by@yangsongbai1·duplicate of @yangsongbai1/xdoc-translation
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, manifest, and SKILL.md all describe a document/text translation API. The only declared credential is XDOC_API_KEY and the endpoints listed (files/create_upload_url, translate/document, text/translate, glossary/memory endpoints, etc.) align with the stated capabilities.
Instruction Scope
SKILL.md instructs the agent to obtain an API key, create upload URLs, upload user files, submit translations, poll status, and download results. It does not direct reading of unrelated system files, other environment variables, or transmission to third-party endpoints outside translation.x-doc.ai. It reminds users to keep API keys private.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and no external packages are fetched. That minimizes install-time risk.
Credentials
Only one required environment credential (XDOC_API_KEY) is declared and used. That is proportional and expected for an API-based translation service. No unrelated secrets or config paths are requested.
Persistence & Privilege
Permissions show always: false. disable-model-invocation is false (agent may invoke autonomously), which is the platform default and not inherently a concern for this coherent skill. The skill does not request system-wide configuration changes.
Assessment
This skill appears coherent with its stated purpose, but before installing: 1) Verify the domain (translation.x-doc.ai / x-doc.ai) is the legitimate vendor and that you trust their privacy policy and 7-day retention claim. 2) Only provide an API key created for this purpose; do not paste keys into public logs. 3) Avoid uploading highly sensitive data unless you're comfortable with the vendor's retention/processing and have confirmed any compliance needs (PII, regulated data). 4) Test with non-sensitive files first to confirm behavior and billing/quota impact. 5) If you need strict control over data, prefer an on-prem or enterprise solution or confirm data-deletion workflows and key revocation procedures. 6) Note the skill can be invoked autonomously by the agent (normal default); if you want manual control, disable autonomous invocation in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97267682qk9a4yfwxs6m7hs7h832e6w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments