ClawHub

ElevenLabs Speech-to-Text

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward ElevenLabs transcription skill, but users should understand that selected audio files are sent to ElevenLabs for processing.

Install this only if you are comfortable sending the audio files you choose to ElevenLabs and using your ElevenLabs API key for that processing. Avoid submitting confidential, regulated, or consent-sensitive recordings unless your use of ElevenLabs is approved, and ensure jq is installed because the script depends on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to transcribe local audio through ElevenLabs' cloud API but does not clearly warn that audio content will be transmitted to a third-party service for processing. This can lead users to upload sensitive voice notes, meetings, or recordings without understanding the privacy, retention, or compliance implications, which is especially relevant for audio that may contain biometric voice data or confidential conversations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill encourages users to transcribe local audio files with ElevenLabs but does not clearly disclose that those files are uploaded to a third-party external service for processing. This can lead users to send sensitive recordings, meetings, or voice notes off-device without informed consent, creating privacy, confidentiality, and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal