Elevenlabs Calls

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed and purpose-aligned, but it can place real outbound AI phone calls and expose call recordings or transcripts without built-in confirmation or privacy guardrails.

Install only if you intend to let an agent use your ElevenLabs account for real phone calls. Use a dedicated or revocable API key, verify each recipient number and call purpose before running the call script, comply with consent and call-recording laws, and treat transcripts/audio as sensitive data that may appear in terminal output, logs, or saved files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill enables automated outbound calling and retrieval of conversation transcripts/audio, but it provides no warning about consent, call recording laws, disclosure requirements, or privacy obligations for third parties. This is dangerous because users may deploy it in ways that violate telecom, surveillance, or data protection rules, leading to unauthorized contact, unlawful recording, and exposure of sensitive personal information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This script performs a real-world action—placing an outbound phone call—immediately once invoked, without any interactive confirmation, dry-run mode, or explicit safety warning. In an agent-skill context, that increases the risk of accidental or unauthorized calls, including harassment, fraud, or unintended contact with third parties, especially if upstream tooling can trigger the script automatically.

External Transmission

Medium
Category
Data Exfiltration
Content
echo "Initiating call to $TO_NUMBER..."

response=$(curl -s -X POST "https://api.elevenlabs.io/v1/convai/twilio/outbound-call" \
  -H "xi-api-key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d "$BODY")
Confidence
87% confidence
Finding
curl -s -X POST "https://api.elevenlabs.io/v1/convai/twilio/outbound-call" \ -H "xi-api-key: $API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
echo "Initiating call to $TO_NUMBER..."

response=$(curl -s -X POST "https://api.elevenlabs.io/v1/convai/twilio/outbound-call" \
  -H "xi-api-key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d "$BODY")
Confidence
87% confidence
Finding
https://api.elevenlabs.io/

VirusTotal

66/66 vendors flagged this skill as clean.
