Miranda ElevenLabs Speech (TTS/STT)
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume your ElevenLabs quota or credits and acts through your ElevenLabs account.
The skill requires an ElevenLabs API key so the scripts can call ElevenLabs on the user's behalf. This is purpose-aligned, but the registry metadata lists no primary credential or required env var.
Set your API key: export ELEVENLABS_API_KEY="sk_..."
Use a dedicated or limited API key if possible, keep the key out of chat logs, and monitor ElevenLabs usage.
Voice recordings, and separately TTS text, leave the local machine and are processed by ElevenLabs.
The STT workflow uploads the selected local audio file to ElevenLabs for transcription. This is the core purpose of the skill, but it is still a third-party data flow.
with open(audio_file_path, 'rb') as audio_file: ... response = requests.post(url, headers=headers, data=data, files=files, timeout=120)
Only process text or audio you are comfortable sending to ElevenLabs, and review ElevenLabs' privacy, retention, and pricing terms.
It is harder to verify exactly who packaged or maintains this skill.
The bundled metadata uses a different owner/slug than the registry identity supplied for this review. This creates provenance ambiguity but does not show unsafe code execution or hidden behavior.
"ownerId": "kn7fe24yv7zvrbtg5wf3me2cxd80dsyc", "slug": "elevenlabs-voice"
Install only if you trust the registry package, and maintainers should align the registry metadata, bundled metadata, and source/homepage information.