Skill v1.0.0

ClawScan security

Elevenlabs Conversational · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 12:53 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with its ElevenLabs TTS/Conversational AI purpose and only require the declared ElevenLabs API key; no unrelated credentials, downloads, or system-wide privileges are requested.
Guidance
This skill appears to do what it says: it calls the official ElevenLabs API and only needs your ELEVENLABS_API_KEY. Before installing or running it:
1) Only provide audio files for cloning that you have rights to; voice cloning can have legal/ethical implications.
2) Be aware that audio files you supply for clone-voice will be uploaded to the ElevenLabs service; treat your API key like a secret and don't share it with untrusted code.
3) The clone-voice multipart implementation is handcrafted in the script and may be brittle; review and test it in a safe environment.
4) If you are unsure who published this skill, consider obtaining the ElevenLabs API key from a limited-scope account or rotating the key after testing.
Overall, the package is internally coherent and does not request unrelated privileges.

Review Dimensions

Purpose & Capability: ok
The name/description (ElevenLabs TTS, voice cloning, conversational agents) matches the included script and SKILL.md examples: listing voices, TTS (including streaming), agent CRUD, and voice cloning. Required credential (ELEVENLABS_API_KEY) is appropriate for ElevenLabs API access and nothing unrelated is requested.
Instruction Scope: ok
SKILL.md instructs the agent to run the bundled Python script with arguments. The script only reads the declared ELEVENLABS_API_KEY, accesses audio files supplied by the user (for cloning), writes audio output files, and talks to the ElevenLabs API (api.elevenlabs.io). It does not read arbitrary system files, other environment variables, or send data to unknown endpoints. The Twilio/LiveKit integration sections are advisory patterns (no hidden webhooks or other network operations are invoked by the script).
Install Mechanism: ok
There is no install spec or external download; this is instruction-only with a bundled Python script. No external packages are fetched or arbitrary archives extracted. Running the script requires a local Python runtime but does not install software or create system-wide artifacts.
Credentials: ok
Only ELEVENLABS_API_KEY is required and declared as the primary credential. That is proportionate to the described functionality (API calls to ElevenLabs). No additional SECRET/TOKEN/PASSWORD vars or unrelated credentials are requested.
Persistence & Privilege: ok
The skill does not request always:true, does not modify other skills or agent system config, and does not require persistent system-level privileges. It runs on demand and only performs API calls and local file reads/writes as described.