Elevenlabs AI
v1.0.0Access ElevenLabs APIs for text-to-speech, speech-to-speech, realtime speech-to-text, voice/model management, and dialogue workflows with direct HTTP calls.
⭐ 0· 1.3k·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name and SKILL.md focus on ElevenLabs text-to-speech, speech-to-speech, realtime STT, voices/models and dialogue workflows. The inputs it describes (xi-api-key or single-use token, voice IDs, model IDs, output formats) are exactly what ElevenLabs API usage requires, so the requested capabilities match the stated purpose. Note: the manifest shows no declared required environment variables — the skill expects API keys as runtime inputs rather than baked-in env vars, which is a reasonable design but worth noting.
Instruction Scope
Runtime instructions reference only the included reference docs and ElevenLabs endpoints (api.elevenlabs.io, wss://api.elevenlabs.io). There are no instructions to read unrelated local files, harvest environment variables, or transmit data to unexpected endpoints. The SKILL.md also includes explicit safety guidance (do not log API keys, use single-use tokens) which limits scope creep.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. That presents a low installation risk (nothing will be written to disk or fetched during install).
Credentials
The skill legitimately needs an ElevenLabs API key or single-use token at runtime; this is proportionate to its function. However, the registry metadata declares no required env vars or primary credential. That is not necessarily malicious (the skill may expect the user to supply keys per-request), but users should confirm how they will provide credentials (ephemeral token vs. long-lived key) and whether the agent will persist them.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. There is no install behavior, no evidence it modifies other skills or system-wide settings, and no persistent background presence. Autonomous invocation remains allowed by default, which is normal for skills and not a concern here by itself.
Assessment
This skill appears to be a plain, textual guide for using ElevenLabs APIs and is internally consistent. Before installing or using it: (1) confirm how you'll provide the API key — prefer single-use tokens for client-side flows and avoid storing long-lived keys in the agent environment; (2) verify the skill (owner/slug) comes from a source you trust since the registry metadata lacks a homepage; (3) if you need stronger assurance, request the full text of any runtime workflow the agent will execute with your key (to ensure it won't be persisted or sent to other endpoints); and (4) follow the skill's own advice to redact keys from logs and employ retry/backoff and allowlists for downstream audio destinations.Like a lobster shell, security has layers — review code before you run it.
latestvk973xt1nx0am0530kkm51sw9zn80v4kf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.