← 返回 Skills 市场
jbennett111

TranslateFlow

作者 Jbennett111 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
479
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install translateflow
功能描述
AI translation via TranslateFlow API — multi-language content translation, localization, tone adaptation, batch translation. Use when user needs text transla...
安全使用建议
Before installing, confirm you trust the endpoint (https://anton.vosscg.com) and the publisher — the package has no homepage/source listed. Be aware the skill will either (a) ask you to provide an API key or (b) POST your email to the service to obtain a key; it will print the key to stderr which may leak into logs. Ask the publisher to update the registry metadata to declare required env vars (TRANSLATEFLOW_API_KEY or TRANSLATEFLOW_EMAIL) and to avoid printing secrets to stderr. If you decide to use it, prefer providing an explicit API key (not an email for auto-signup), run it in an isolated environment, and verify the API base URL (TRANSLATEFLOW_API_URL) before setting it.
功能分析
Type: OpenClaw Skill Name: translateflow Version: 1.0.0 The skill bundle is suspicious due to critical vulnerabilities. The `scripts/forge-client.sh` script is susceptible to shell injection in its `translate` and `batch` actions, as it directly passes user input (`$1`) to `curl -d` without sanitization, potentially leading to arbitrary command execution. Additionally, the `API_BASE` can be overridden via the `TRANSLATEFLOW_API_URL` environment variable, allowing redirection of API calls to arbitrary endpoints (e.g., `anton.vosscg.com`), which could be exploited for data exfiltration or malicious responses.
能力评估
Purpose & Capability
The skill claims to be a TranslateFlow API client (translation, tone, batch) and the script and SKILL.md call translation endpoints at https://anton.vosscg.com, which is coherent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential while the SKILL.md and scripts clearly require either TRANSLATEFLOW_API_KEY or TRANSLATEFLOW_EMAIL at runtime. This metadata/instruction mismatch is unexplained and reduces trust.
Instruction Scope
Runtime instructions and the provided script only call the service's endpoints (/v1/translate, /v1/translate/batch, /v1/keys, /v1/health) and do not attempt to read arbitrary local files or other credentials. That scope is appropriate for a translation client. Note: instructions recommend auto-signup by POSTing an email to the service, which will transmit the user's email to the remote host; this is within the skill's purpose but is a privacy consideration that should have been declared.
Install Mechanism
No install spec is present (instruction-only). The only shipped code is a small shell script that calls the API. Nothing is downloaded or extracted at install time, which is low risk.
Credentials
The runtime requires either TRANSLATEFLOW_API_KEY or TRANSLATEFLOW_EMAIL (and optionally TRANSLATEFLOW_API_URL) but the skill metadata lists no required env vars or primary credential — an incoherence. The script will send the provided email to an opaque domain to obtain an API key, and it prints the received API key to stderr (echo '✅ Free key: $API_KEY' >&2), which could expose keys in agent logs or monitoring. Requiring an email and returning/printing a key is plausible for signup, but the missing declaration and the stderr leak are concerning.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide configurations. Autonomous invocation is allowed (platform default) but not a special risk here on its own.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install translateflow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /translateflow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — AI translation API client (50+ languages, tone adaptation, batch). Free tier: 100 req/day.
元数据
Slug translateflow
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

TranslateFlow 是什么?

AI translation via TranslateFlow API — multi-language content translation, localization, tone adaptation, batch translation. Use when user needs text transla... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 479 次。

如何安装 TranslateFlow?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install translateflow」即可一键安装,无需额外配置。

TranslateFlow 是免费的吗?

是的,TranslateFlow 完全免费(开源免费),可自由下载、安装和使用。

TranslateFlow 支持哪些平台?

TranslateFlow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 TranslateFlow?

由 Jbennett111(@jbennett111)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论