Elevenlabs Integration with Openclaw

Security checks across malware telemetry and agentic risk

Overview

This ElevenLabs voice tool is coherent, but it needs Review because it can expose the API key in debug/test flows and handles sensitive voice uploads without enough privacy and consent guardrails.

Install only if you are comfortable sending selected text, audio, and voice samples to ElevenLabs. Use voice cloning only with explicit permission from the speaker, avoid confidential or regulated recordings unless approved, do not run transcribe with DEBUG enabled in shared logs, and prefer protected environment/config storage over command-line API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises voice cloning, transcription, dubbing, and audio upload capabilities but does not warn about consent, biometric privacy, or handling of sensitive recordings. In a voice-processing skill, this omission can normalize unsafe use of personal audio and cloned voices, increasing the risk of privacy violations, unauthorized voice replication, or processing of confidential recordings.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The setup instructions tell users to export the API key directly in the shell and place it in a local config file without cautioning about shell history, file permissions, or secret management. This can lead to accidental credential exposure on shared machines, in copied config files, or through insecure operational practices, though it is documentation risk rather than an active exfiltration mechanism.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Voice cloning involves highly sensitive biometric data and can enable impersonation, fraud, or non-consensual synthesis if users are not clearly warned about consent and lawful use. The skill normalizes cloning workflows without requiring or even mentioning proof of consent, which increases misuse risk in a tool specifically designed to create synthetic voices.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Transcription and dubbing send user audio to a third-party API, which may expose private conversations, personal data, or regulated content if users are unaware of the external transfer. The omission is security-relevant because the skill handles potentially sensitive audio/video content and presents these operations as routine without a privacy notice or data-handling warning.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits user-provided local audio samples to ElevenLabs for voice cloning, but it does not present an explicit privacy/data-transfer warning at the point of upload. Because voice samples are biometric and potentially sensitive, users may unknowingly send personal or third-party data to an external service, creating privacy, consent, and compliance risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script uploads the user-supplied audio file to ElevenLabs' remote API, but it does not present an explicit privacy or data-handling warning at the point of transmission. Because audio may contain sensitive voiceprints, conversations, or personal data, sending it off-device without clear consent or disclosure creates a genuine privacy risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
When DEBUG is enabled, the script logs the fully expanded curl command, including the xi-api-key header. This exposes the ElevenLabs API key in plaintext to terminal output, logs, CI job traces, or shell history capture, allowing anyone with access to those logs to reuse the credential.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The test suite performs live API calls that send user-provided or generated text/audio to ElevenLabs, but it does not clearly warn the operator that external network transmission will occur. In a security-sensitive or privacy-sensitive environment, this can cause unintended disclosure of prompts, generated speech, or local audio content during routine testing.

External Transmission

Medium
Category
Data Exfiltration
Content
START_TIME=$(date +%s)

RESPONSE=$(curl -s -X POST "https://api.elevenlabs.io/v1/voices/add" \
    -H "xi-api-key: $API_KEY" \
    "${FORM_DATA[@]}" 2>&1) || {
    log_error "Failed to connect to ElevenLabs API"
Confidence
93% confidence
Finding
https://api.elevenlabs.io/

VirusTotal

64/64 vendors flagged this skill as clean.
