Back to skill
Skillv1.0.0
VirusTotal security
Elevenlabs Conversational · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:00 AM
- Hash
- 4dd5b6121aa70616a9403bb5f4125dc5ff51aea9259d0757b78324a107c8fd4f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: elevenlabs-conversational Version: 1.0.0 The skill is suspicious due to potential arbitrary file write and read vulnerabilities in `scripts/elevenlabs_api.py`. The script directly uses user-provided arguments for output file paths (`--output` in `cmd_tts`, `cmd_tts_stream`) and input file paths (`--files` in `cmd_clone_voice`) without apparent sanitization or path validation. This could allow a malicious agent prompt or user input to write to arbitrary locations on the filesystem or read sensitive files, respectively. While these capabilities are part of the skill's stated purpose (saving audio, cloning voices from files), the lack of input validation makes it a significant vulnerability, not malicious intent.
- External report
- View on VirusTotal