← Back to Skills Marketplace
Pilot Translate
by
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
90
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pilot-translate
Description
Auto-translate messages between agents using different languages over the Pilot Protocol network. Use this skill when: 1. You need cross-language communicati...
Usage Guidance
This skill appears to do what it says, but there are several gaps you should address before using it:
- Required tools not declared: The examples use 'trans'/'translate-cli' and 'jq' but the skill only declares 'pilotctl'. Make sure those tools are installed from trusted package repos (apt, brew, distro packages) and update the skill metadata to list them.
- Avoid downloading executables from short URLs: The README suggests 'wget git.io/trans' — don't run that blind. Prefer installing translate-shell from an official release or your package manager, and inspect any binaries before moving them into /usr/local/bin.
- API keys not declared: The doc mentions DeepL but does not declare env vars for API keys or how to store them. If you plan to use API-based translators, require and provide guidance for scoped credentials (and avoid placing secrets in scripts).
- Sandbox and least privilege: Run these commands in a controlled environment until you trust the sources (container or VM) so a downloaded executable cannot affect your host.
What would increase confidence: an updated SKILL.md or metadata that lists all required binaries (trans/translate-cli, jq), explicit, auditable install links (no URL shorteners), and declared environment variables for any API keys with guidance on secure storage. If those changes are made, this skill would likely be coherent and low-risk; as-is, treat it with caution.
Capability Analysis
Type: OpenClaw Skill
Name: pilot-translate
Version: 1.0.0
The skill instructions in SKILL.md include high-risk commands for the agent to download a binary from a shortened URL (git.io/trans) and install it using sudo, which is a dangerous pattern for automated agents. Additionally, the provided Bash workflow examples are vulnerable to shell injection because they pipe unquoted or unsanitized message variables directly into shell commands. While these behaviors are plausibly intended for the stated purpose of setting up translation tools, they introduce significant security risks without proper safeguards.
Capability Assessment
Purpose & Capability
The declared purpose (auto-translate Pilot Protocol messages) aligns with needing pilotctl and a translation tool. However, the SKILL.md relies on additional command-line tools (trans/translate-cli, jq) and shell utilities that are not listed in the skill's required binaries metadata, which is an omission.
Instruction Scope
Instructions instruct the agent/user to run shell commands that fetch and install binaries, parse inbox JSON with jq, and call external translators. They also reference API-backed translators (DeepL) and do not declare how API keys should be provided; the instructions give broad discretion to use 'external tool' translators and to download/execute code, which expands scope beyond the declared single dependency (pilotctl).
Install Mechanism
There is no formal install spec, but the doc recommends installing 'trans' via 'wget git.io/trans' and moving it into /usr/local/bin. Using a short URL (git.io) to fetch an executable and instructing users to place it in a system path is higher risk and should be replaced by an explicit, auditable source (official release or package manager).
Credentials
The skill declares no required environment variables or primary credentials, yet the documentation references API-based translators (DeepL) that require API keys and suggests external services. That mismatch means secrets or keys required at runtime are not declared, which reduces transparency and could lead users to supply credentials without clear guidance.
Persistence & Privilege
The skill is instruction-only, not always-enabled, and has no install-time hooks in metadata. It does instruct writing a binary to /usr/local/bin in an example, but it does not request elevated platform privileges or persistent agent-wide configuration changes in the registry metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pilot-translate - After installation, invoke the skill by name or use
/pilot-translate - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pilot Translate?
Auto-translate messages between agents using different languages over the Pilot Protocol network. Use this skill when: 1. You need cross-language communicati... It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.
How do I install Pilot Translate?
Run "/install pilot-translate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pilot Translate free?
Yes, Pilot Translate is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pilot Translate support?
Pilot Translate is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pilot Translate?
It is built and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.
More Skills