ElevenLabs
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed ElevenLabs API wrapper that needs a Maton API key and can send text/audio to Maton and ElevenLabs, so users should review credential and account-use implications before using it.
Use this skill only if you trust Maton as the managed authentication proxy for your ElevenLabs account. Keep MATON_API_KEY private, specify the intended connection when you have multiple accounts, and require confirmation before any create, update, delete, voice-cloning, or media-generation action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must trust the agent and Maton API path with account-authorized ElevenLabs operations.
The skill requires a bearer credential that authorizes access to the managed ElevenLabs integration.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store MATON_API_KEY securely, use only intended ElevenLabs connections, and revoke or rotate the key if it is exposed.
Improper use could create voice clones, generate media, change projects, or delete managed connections in the connected account.
The documentation acknowledges create/update/delete authority and adds an explicit approval requirement, making the authority purpose-aligned but still important.
**All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Confirm every write or delete action, including the target account, resource, and expected effect, before allowing the agent to proceed.
Text, audio, and voice samples provided to the skill may be transmitted to third-party services for processing.
The skill sends request content, including text-to-speech input and possible voice-cloning audio samples, through Maton to ElevenLabs.
Maton proxies requests to `api.elevenlabs.io` ... POST /elevenlabs/v1/text-to-speech/{voice_id} ... files: [audio_sample.mp3]Do not submit confidential text, private recordings, or voice samples unless you are comfortable with Maton and ElevenLabs processing them.
Installers or users may not get a fully consistent registry-level prompt about the credential requirement and provenance.
The registry information indicates an unknown source and an uneven credential declaration, even though the SKILL.md itself documents MATON_API_KEY.
Source: unknown ... Required env vars: MATON_API_KEY ... Env var declarations: none
Verify the publisher/homepage and make sure the platform clearly prompts for MATON_API_KEY before use.