Back to skill

Security audit

ElevenLabs Speech-to-Text

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward ElevenLabs transcription skill that sends user-selected audio to ElevenLabs for processing, with no hidden persistence or unrelated data transfer found.

Install only if you are comfortable sending the audio files you choose to ElevenLabs for transcription. Avoid using it for confidential, regulated, or consent-sensitive recordings unless your ElevenLabs use is approved, keep the API key out of source control, and ensure jq is installed before relying on the script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises and demonstrates shell execution via a local script but does not declare corresponding permissions. Missing permission disclosure weakens user awareness and any policy or runtime checks that depend on explicit capability declarations, increasing the chance that shell-capable skills are installed or trusted without understanding their execution surface.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README clearly instructs users to use an external cloud transcription service, which necessarily involves transmitting audio content to ElevenLabs, but it does not explicitly warn about the privacy and data-handling implications of uploading potentially sensitive recordings. This is dangerous because users may process confidential, regulated, or personal audio without understanding that the data leaves their local environment and becomes subject to a third party's policies and retention practices.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description says it transcribes audio with ElevenLabs but does not clearly warn that user audio is uploaded to a third-party service. This can lead users to submit sensitive recordings under the mistaken assumption that processing is local, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The API key setup instructions show how to place a live credential in configuration but do not warn users to treat it as sensitive, avoid committing it to source control, and prefer secure secret storage. This omission can lead to accidental credential exposure and unauthorized use of the transcription account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads the provided audio file to ElevenLabs' external speech-to-text service, but it does not provide any explicit runtime warning, consent prompt, or clear disclosure that local audio contents will leave the host. This can expose sensitive voice data, conversations, or embedded personal information if users assume transcription is performed locally or are unaware of the third-party transfer.

External Transmission

Medium
Category
Data Exfiltration
Content
CURL_ARGS=(
    -s
    -X POST
    "https://api.elevenlabs.io/v1/speech-to-text"
    -H "xi-api-key: $API_KEY"
    -F "file=@$FILE"
    -F "model_id=scribe_v2"
Confidence
90% confidence
Finding
https://api.elevenlabs.io/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.