← 返回 Skills 市场
Pilot Translate
作者
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
90
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pilot-translate
功能描述
Auto-translate messages between agents using different languages over the Pilot Protocol network. Use this skill when: 1. You need cross-language communicati...
安全使用建议
This skill appears to do what it says, but there are several gaps you should address before using it:
- Required tools not declared: The examples use 'trans'/'translate-cli' and 'jq' but the skill only declares 'pilotctl'. Make sure those tools are installed from trusted package repos (apt, brew, distro packages) and update the skill metadata to list them.
- Avoid downloading executables from short URLs: The README suggests 'wget git.io/trans' — don't run that blind. Prefer installing translate-shell from an official release or your package manager, and inspect any binaries before moving them into /usr/local/bin.
- API keys not declared: The doc mentions DeepL but does not declare env vars for API keys or how to store them. If you plan to use API-based translators, require and provide guidance for scoped credentials (and avoid placing secrets in scripts).
- Sandbox and least privilege: Run these commands in a controlled environment until you trust the sources (container or VM) so a downloaded executable cannot affect your host.
What would increase confidence: an updated SKILL.md or metadata that lists all required binaries (trans/translate-cli, jq), explicit, auditable install links (no URL shorteners), and declared environment variables for any API keys with guidance on secure storage. If those changes are made, this skill would likely be coherent and low-risk; as-is, treat it with caution.
功能分析
Type: OpenClaw Skill
Name: pilot-translate
Version: 1.0.0
The skill instructions in SKILL.md include high-risk commands for the agent to download a binary from a shortened URL (git.io/trans) and install it using sudo, which is a dangerous pattern for automated agents. Additionally, the provided Bash workflow examples are vulnerable to shell injection because they pipe unquoted or unsanitized message variables directly into shell commands. While these behaviors are plausibly intended for the stated purpose of setting up translation tools, they introduce significant security risks without proper safeguards.
能力评估
Purpose & Capability
The declared purpose (auto-translate Pilot Protocol messages) aligns with needing pilotctl and a translation tool. However, the SKILL.md relies on additional command-line tools (trans/translate-cli, jq) and shell utilities that are not listed in the skill's required binaries metadata, which is an omission.
Instruction Scope
Instructions instruct the agent/user to run shell commands that fetch and install binaries, parse inbox JSON with jq, and call external translators. They also reference API-backed translators (DeepL) and do not declare how API keys should be provided; the instructions give broad discretion to use 'external tool' translators and to download/execute code, which expands scope beyond the declared single dependency (pilotctl).
Install Mechanism
There is no formal install spec, but the doc recommends installing 'trans' via 'wget git.io/trans' and moving it into /usr/local/bin. Using a short URL (git.io) to fetch an executable and instructing users to place it in a system path is higher risk and should be replaced by an explicit, auditable source (official release or package manager).
Credentials
The skill declares no required environment variables or primary credentials, yet the documentation references API-based translators (DeepL) that require API keys and suggests external services. That mismatch means secrets or keys required at runtime are not declared, which reduces transparency and could lead users to supply credentials without clear guidance.
Persistence & Privilege
The skill is instruction-only, not always-enabled, and has no install-time hooks in metadata. It does instruct writing a binary to /usr/local/bin in an example, but it does not request elevated platform privileges or persistent agent-wide configuration changes in the registry metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pilot-translate - 安装完成后,直接呼叫该 Skill 的名称或使用
/pilot-translate触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Pilot Translate 是什么?
Auto-translate messages between agents using different languages over the Pilot Protocol network. Use this skill when: 1. You need cross-language communicati... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 90 次。
如何安装 Pilot Translate?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pilot-translate」即可一键安装,无需额外配置。
Pilot Translate 是免费的吗?
是的,Pilot Translate 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pilot Translate 支持哪些平台?
Pilot Translate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pilot Translate?
由 Calin Teodor(@teoslayer)开发并维护,当前版本 v1.0.0。
推荐 Skills