Neomano TTS (ElevenLabs)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ElevenLabs text-to-speech skill that uses your API key to turn requested text into an audio file.

Install only if you are comfortable storing an ElevenLabs API key in the OpenClaw environment and sending the text you want spoken to ElevenLabs. Avoid using it for highly sensitive text unless that provider handling is acceptable to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description includes broad trigger phrases like replying with voice/audio or TTS, which can overlap with ordinary conversation and cause the skill to activate unexpectedly. Over-broad activation can route user content to an external provider without sufficiently explicit user intent, increasing privacy and consent risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal