Back to skill
Skillv1.0.0
VirusTotal security
Elevenlabs Calls · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:02 AM
- Hash
- 77c2b44ead5c3a25c296e3cd2e5a02bdf30ffabb95ddc18ad700c47717a7736d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: elevenlabs-calls Version: 1.0.0 The skill bundle's primary purpose of interacting with the ElevenLabs API for AI phone calls is benign. However, several shell scripts (`scripts/agents.sh`, `scripts/conversation.sh`, `scripts/conversations.sh`) exhibit potential URL/shell injection vulnerabilities. User-controlled inputs like `$SEARCH`, `$CONV_ID`, and `$AGENT_ID` are directly concatenated into `curl` command URLs without proper sanitization. This could allow a malicious input to manipulate the `curl` request, potentially leading to unintended actions or information disclosure, classifying it as suspicious due to these exploitable flaws.
- External report
- View on VirusTotal