Skill v1.0.0

ClawScan security

skill-to-cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 9:24 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it claims (generate and translate a skill directory), but its runtime instructions give the model broad read/write authority over arbitrary skill files and the script modifies code docstrings/comments in ways that can change behavior — the design lacks safeguards and could cause unintended or unsafe changes.
Guidance
This skill is coherent with its goal (translating a skill tree into Chinese), but exercise caution before using it on real or sensitive skills. Key points to consider:
- Backup first: create a copy of the source skill directory before running the script, or let the script write to a custom output path. Test on a non-critical skill first.
- Review the script: the provided Python script modifies comments and docstrings (it converts triple-quoted docstrings into commented lines), which can remove runtime docstrings (__doc__) and may change program behavior or affect tools that rely on docstrings.
- Avoid secrets: do not point the tool at directories that may contain credentials, tokens, or other sensitive files — the process will read and copy all files under the given path.
- Use --no-translate for an initial dry run: the script supports copying the structure without performing translation; use that to verify the produced skeleton before automatic text substitution.
- Inspect translations before use: the SKILL.md requires the model to write back translated files. Review the translated files manually (especially scripts) before enabling or distributing the translated skill.
- Symlink/path caution: the script resolves paths and may follow symlinks; ensure the supplied path is correct to avoid operating on unexpected locations.
If you need stronger guarantees (no code mutation, only translate docs), request a version that restricts translations to documentation files (README, SKILL.md, references) and does not alter code files or docstrings.

Review Dimensions

Purpose & Capability
ok · Name, description, and included script align: the skill's goal is to produce a Chinese copy of another skill, and the bundle contains a script that walks a skill directory, marks translatable items, and copies files into a <name>-cn target. No extra credentials, binaries, or unrelated dependencies are requested.
Instruction Scope
concern · SKILL.md explicitly instructs Claude to read every generated target file, find all '[待翻译]' markers and replace them with translated text, and write back files. That requires full read/write access to arbitrary files in the specified skill directory. The script also transforms Python docstrings into comment lines (losing runtime docstrings), and the agent is given wide discretion about how to translate text (including translating program output and prompts). There are no safety checks, sandboxing, or explicit instructions to avoid altering executable logic. This broad file mutation scope could unintentionally break code or alter behavior; if source files contain sensitive data, they will be read and written.
Install Mechanism
ok · Instruction-only skill with no install spec and a local Python script. No network downloads or external install steps are present. This is a low-risk install mechanism from the package-delivery perspective.
Credentials
ok · The skill asks for no environment variables, credentials, or config paths. It operates on filesystem paths supplied by the user (defaulting to ~/.claude/skills/<skill>/), which is appropriate for its stated purpose. However, because it reads arbitrary files under the provided path, users should avoid targeting directories that contain secrets or unrelated sensitive data.
Persistence & Privilege
ok · always:false and no system-wide configuration changes are requested. The skill creates a sibling -cn directory for the translated skill and preserves file permissions. It does not request permanent/global privileges or modify other skills' configurations in its code.