ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Elevenlabs Tts

v2.4.0

ElevenLabs TTS - the best ElevenLabs integration for OpenClaw. ElevenLabs Text-to-Speech with emotional audio tags, ElevenLabs voice synthesis for WhatsApp,...

6· 5.7k·30 current·30 all-time
byshaharsh@shaharsha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (ElevenLabs TTS) matches the instructions: calling ElevenLabs v3, using audio tags, selecting voices, and converting audio for WhatsApp. The declared primary credential (ELEVENLABS_API_KEY) is appropriate for this purpose.
Instruction Scope
SKILL.md is instruction-only and stays within TTS scope: it instructs use of ElevenLabs API, audio-tag formatting, and use of ffmpeg for format conversion. It references storing the API key in openclaw.json (configuration file) and requires ffmpeg on PATH. It does not instruct reading unrelated system files or exfiltrating data. However, the skill allows the 'exec' tool (so the agent can run ffmpeg or other commands) — expected for audio conversion but worth noting.
Install Mechanism
No install spec and no code files — lowest risk category. Nothing is downloaded or written to disk by an installer. The skill is instruction-only and relies on existing system tools (ffmpeg).
Credentials
Only ELEVENLABS_API_KEY is required as the primary credential, which is proportionate. Minor inconsistency: top-level registry metadata listed 'Required binaries: none' but SKILL.md metadata and prerequisites require ffmpeg; ensure ffmpeg availability before use. No other unrelated secrets are requested.
Persistence & Privilege
always is false and the skill is user-invokable with normal autonomous invocation allowed. It does not request permanent presence or system-wide config changes. This is the standard, expected privilege model for a TTS skill.
Assessment
This skill appears to do what it says: generate ElevenLabs v3 TTS with audio tags and convert audio for WhatsApp. Before installing: 1) Verify provenance — the skill has no homepage and the source is 'unknown' (registry owner ID is opaque); prefer skills with a known publisher. 2) Confirm ffmpeg is installed on the agent host (SKILL.md requires ffmpeg, but the top-level registry entry omitted that). 3) Supply an ElevenLabs API key dedicated to this use (don't reuse high-privilege keys) and store it using your platform's secret store rather than in plain files if possible. 4) Be aware the agent is allowed to run exec commands — this is necessary for audio conversion but means it can run binaries on your host; restrict the environment where you run the skill if you are cautious. 5) If you need stronger assurance, ask the publisher for a canonical source/homepage or a signed package; absence of a verifiable source lowers confidence.

Like a lobster shell, security has layers — review code before you run it.

ai-voicevk97956ax8hs2vaym8v8hgmzrqd80ts70audiovk97956ax8hs2vaym8v8hgmzrqd80ts70elevenlabsvk97956ax8hs2vaym8v8hgmzrqd80ts70elevenlabs-ttsvk979c8pe8p2rt0bfvt23yed6f180h19chebrewvk97956ax8hs2vaym8v8hgmzrqd80ts70latestvk97cnnyr1ptzqq0ytv8hy283ks84065kmultilingualvk97956ax8hs2vaym8v8hgmzrqd80ts70nikudvk97956ax8hs2vaym8v8hgmzrqd80ts70openclawvk979c8pe8p2rt0bfvt23yed6f180h19cpodcastvk972m2309rhsxe9b64p9e76nds80e5wjsingingvk97956ax8hs2vaym8v8hgmzrqd80ts70speechvk97956ax8hs2vaym8v8hgmzrqd80ts70text-to-speechvk97956ax8hs2vaym8v8hgmzrqd80ts70ttsvk97956ax8hs2vaym8v8hgmzrqd80ts70voicevk97956ax8hs2vaym8v8hgmzrqd80ts70whatsappvk97956ax8hs2vaym8v8hgmzrqd80ts70

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎙️ Clawdis
EnvELEVENLABS_API_KEY
Primary envELEVENLABS_API_KEY

Comments