Trust Assessment
text-translator received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Potential Command Injection via `translate-shell` arguments, Risk of sensitive file exfiltration through `trans -i`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via `translate-shell` arguments The skill wraps the `translate-shell` (`trans`) command. If user-provided input (e.g., the text to be translated, source/target languages, or other arguments) is directly interpolated into the shell command string without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. For example, providing `"; rm -rf /"` as part of the translation text could lead to arbitrary code execution on the host system. Implement robust input sanitization and shell escaping for all user-provided arguments before constructing and executing the `trans` command. Use a library function like `shlex.quote()` in Python or equivalent for other languages. Prefer passing arguments as a list to `subprocess.run()` rather than a single string with `shell=True`. | LLM | SKILL.md:18 | |
| HIGH | Risk of sensitive file exfiltration through `trans -i` The `translate-shell` tool supports reading content from local files using the `-i` flag (e.g., `trans -i input.txt`). If the skill allows users to specify arbitrary file paths for translation, it could be exploited to read sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, API keys) and send their content to Google Translate servers, leading to data exfiltration. This grants the skill excessive filesystem read permissions beyond its core translation function. Restrict the skill's ability to read arbitrary files. If file input is necessary, implement strict validation of file paths (e.g., only allow files within a specific, sandboxed directory, or disallow absolute paths). Consider processing file content within the agent environment before passing only the text to `trans` via standard input, rather than letting `trans` directly access the filesystem. | LLM | SKILL.md:24 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/text-translator/SKILL.md:1 | |
| MEDIUM | User data transmitted to third-party translation service The skill explicitly states that "Translation sends text to Google Translate servers." Any text provided by the user for translation will be transmitted to Google's servers. While the skill warns users not to translate sensitive data, this fundamental aspect of the skill represents a privacy concern, as user data leaves the local environment and is processed by a third party. Ensure users are fully aware of this data transmission. Implement clear consent mechanisms or prominent warnings before sensitive data might be processed. Consider adding a feature to redact or anonymize certain types of information before sending, if feasible and desired. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/21f988b4a2509677)
Powered by SkillShield