ElevenLabs CLI

Type: OpenClaw Skill Name: elevenlabs-cli Version: 0.1.7 The skill bundle is classified as suspicious due to several risky capabilities and potential vulnerabilities. The `SKILL.md` provides instructions for installing the `elevenlabs-cli` via various package managers (Homebrew, Scoop, Snap, Cargo, Docker) and includes an `elevenlabs update` command, all of which involve downloading and executing external code, posing a supply chain risk. Furthermore, the `README.md` and `CHANGELOG.md` repeatedly mention 'MCP server configuration' and 'exposing MCP tools to autonomous agents,' with the `README.md` explicitly instructing the agent to 'set up MCP.' While the `SKILL.md` does not detail the specific commands for this 'MCP' setup, it strongly suggests a capability of the underlying CLI that, if enabled by an agent, could expose the agent's tools or capabilities, creating a significant attack surface and potential privilege escalation risk. These are vulnerabilities and risky behaviors, not clear evidence of intentional malice.