Back to skill

Security audit

MoodCast

Security checks across malware telemetry and agentic risk

Overview

MoodCast is a coherent ElevenLabs text-to-audio skill, but users should know it sends provided text to ElevenLabs and may install its Python dependency automatically if missing.

Install only if you are comfortable sending selected text, voice settings, and ambient prompts to ElevenLabs using your API key. Avoid using it on secrets, regulated data, or confidential material unless your organization permits that. Consider pre-installing and pinning the ElevenLabs dependency yourself so the skill does not modify the Python environment at first run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from elevenlabs import play
except ImportError:
    print("Installing elevenlabs package...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "elevenlabs", "-q"])
    from elevenlabs.client import ElevenLabs
    from elevenlabs import play
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "elevenlabs", "-q"])

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes a local Python script and requires an API key, which means it uses shell execution and environment access without explicitly declaring permissions. This weakens platform trust boundaries and can cause users or hosts to run code with broader capabilities than the manifest communicates.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
For a text-to-audio skill, silently installing packages at runtime grants the script software installation capability that is broader than necessary and can execute unreviewed code from external sources. In skill contexts, this is especially risky because users may not expect environment modification just to run a media utility.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes transforming arbitrary user text via ElevenLabs features and APIs, but it does not clearly warn that submitted text will be transmitted to a third-party service. Users may unknowingly send sensitive, proprietary, or personal content off-platform, creating privacy, compliance, and data-handling risk even though this is documentation rather than executable code.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Trigger phrases such as "make this sound good," "create audio for," and "read with emotion" are broad enough to match ordinary conversation and may invoke the skill unintentionally. Unintended activation can send user-provided content to the script and onward to external APIs, creating privacy and consent risks beyond mere usability issues.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill clearly sends user text to ElevenLabs text-to-speech and sound-effects services, but the description does not prominently warn users that their input will be transmitted to an external third party. In a skill that processes arbitrary text, this omission increases the risk of sensitive or confidential content being shared without informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code installs a dependency automatically without prior confirmation, which can surprise users and expose them to dependency confusion, compromised package, or environment integrity risks. This is a real operational security issue even if not overtly malicious.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
User-provided text is sent to the ElevenLabs external API for speech generation, but the script does not clearly warn users that their input leaves the local environment. This can cause unintended disclosure of sensitive or proprietary text, especially if the tool is used on confidential content.

Missing User Warnings

Low
Confidence
83% confidence
Finding
Ambient prompt text is also transmitted to an external service without explicit disclosure. The content may be less sensitive than full narration text, but it is still user-supplied data sent off-host and should be treated transparently.

Unpinned Dependencies

Low
Category
Supply Chain
Content
elevenlabs>=1.0.0
Confidence
96% confidence
Finding
elevenlabs>=1.0.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.