Elevenlabs Integration with Openclaw

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward ElevenLabs voice tool, but it sends selected audio/text and your ElevenLabs API key to ElevenLabs and can create voice resources in your account.

Install only if you are comfortable giving the skill an ElevenLabs API key and sending selected audio, video, or text to ElevenLabs. Be especially careful with voice cloning: use only samples you have rights or consent to process, and avoid sharing command logs that may contain secrets.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using voice cloning can consume quota and create a sensitive voice asset tied to the user's ElevenLabs account.

Why it was flagged

The skill can upload selected sample files and create a cloned voice in the user's ElevenLabs account. This is disclosed and purpose-aligned, but it is an account-mutating action.

Skill content

RESPONSE=$(curl -s -X POST "https://api.elevenlabs.io/v1/voices/add" ...); FORM_DATA+=(-F "files=@$sample")

Recommendation

Only allow cloning or voice deletion when explicitly requested, and only use audio samples you have permission to process.

What this means

Someone with access to local command history or process information could potentially see the API key if it is passed this way.

Why it was flagged

The test script allows the ElevenLabs API key to be passed as a command-line argument, which is convenient but can expose secrets in shell history or local process listings.

Skill content

if [[ -n "${1:-}" ]]; then
    export ELEVENLABS_API_KEY="$1"
    log_info "Using API key from command line"

Recommendation

Prefer setting ELEVENLABS_API_KEY through a protected environment or configuration mechanism, avoid passing it as a command-line argument, and redact logs before sharing.

What this means

Audio, video, or text processed by the skill may leave the local machine and be handled by ElevenLabs.

Why it was flagged

The transcription workflow uploads a user-selected local audio file to ElevenLabs. This external provider data flow is expected for the feature, but audio may contain private speech.

Skill content

CURL_CMD=(curl -s -X POST "https://api.elevenlabs.io/v1/speech-to-text" ...); FORM_DATA+=(-F "file=@$AUDIO_FILE")

Recommendation

Use the skill only with files you are comfortable sending to ElevenLabs, and review ElevenLabs' privacy, retention, and consent requirements.