Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Voice Agent
v1.0.0
Enables autonomous cloning of your voice via ElevenLabs, converts text to speech, and deploys AI voice agents for automated inbound/outbound calls with Twili...
by Wesley Armando (@georges91560)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (voice cloning, TTS, Twilio calls) matches the included code and instructions, but the registry metadata omits the sensitive credentials and paths the SKILL.md actually uses. SKILL.md expects ElevenLabs API keys, optional Twilio credentials, Google browser sessions, and Telegram notifications — none of which are declared in the top-level requirements. That mismatch is a red flag for either sloppy packaging or hidden assumptions about available credentials/sessions.
Instruction Scope
Runtime instructions tell the agent to autonomously navigate elevenlabs.io via a virtual-desktop, perform Google OAuth sign-in using the active browser session or fill in email/password, create API keys, copy them, and write secrets into /workspace/voice/config.json and a .env file. The SKILL.md also references Telegram notifications and many workspace read/write paths. These instructions involve accessing and storing sensitive credentials and an external browser session — scope beyond simple TTS generation and worth explicit user consent and review.
Install Mechanism
There is no install spec (instruction-only) and only one Python script is included. That reduces supply-chain risk compared to arbitrary downloads, but the script performs network calls (ElevenLabs API) and writes files to the workspace. The lack of an install step does not remove the need to audit the included code for data exfiltration or hidden endpoints.
Credentials
The skill will create and store ELEVENLABS_API_KEY and voice IDs and may require ELEVENLABS_EMAIL/ELEVENLABS_PASSWORD and TWILIO_ACCOUNT_SID/AUTH_TOKEN, yet the registry metadata lists no required environment variables. Telegram notifications are described but no Telegram credential is declared. Requesting or grabbing an active Google session via virtual-desktop is sensitive and should be explicitly declared — its absence in the registry is disproportionate and inconsistent.
Persistence & Privilege
The skill writes secrets and config to workspace files (.env and config.json) and creates audit/error logs under the workspace; it also relies on a virtual-desktop skill to access browser sessions. While always:false (so it's not force-included), writing credentials and using another skill's browser session increases persistence/privilege — verify you want a component that can create and store API keys and use an active Google session on your behalf.
Scan Findings in Context
[system-prompt-override] unexpected: A system-prompt-override pattern was detected inside SKILL.md. That pattern is not expected for a TTS/call automation skill and may indicate an attempt to influence agent/system prompts; treat as suspicious and review SKILL.md closely for prompt-injection content.
What to consider before installing
Before installing:
1) Verify the registry metadata is updated to declare the exact env vars and credential requirements (ElevenLabs, Twilio, Telegram, or email/password).
2) Inspect the full SKILL.md and voice_generator.py (including truncated sections) to confirm there are no hidden endpoints or undisclosed notification channels.
3) Understand and consent to the skill using the virtual-desktop's active Google session (this lets it act as a logged-in user).
4) Run this skill in an isolated workspace or sandbox if you will allow it to create/write API keys and .env files.
5) If you don't trust automatic browser-based credential creation, opt for manual API key creation and supply only the minimally necessary credentials.
6) If Telegram notifications are required, confirm where the token is stored and that it won't be used to exfiltrate secrets.
If any of these points are unclear or the registry metadata doesn't match the instructions, do not enable the skill until clarified.
SKILL.md:185
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
