Back to plugin

Security audit

ElevenLabs STT

Security checks across malware telemetry and agentic risk

Overview

The plugin's code and instructions match its stated purpose (sending inbound audio to ElevenLabs for transcription); nothing in the files indicates unrelated access or exfiltration, but there are minor metadata inconsistencies you should be aware of before installing.

This plugin appears to do exactly what it says: send inbound audio to ElevenLabs for transcription. Before installing, ensure you: (1) Provide an ELEVENLABS_API_KEY (the package and README require it) and store it as a secret/env var rather than inline; (2) Accept that audio will be transmitted to ElevenLabs (review privacy/PII implications and your ElevenLabs account's retention/policy); (3) Confirm you trust the npm package author and source (package.json points to a GitHub repo) and install via your normal OpenClaw/npm vetting process; (4) Note the minor metadata mismatch in registry summary vs. package metadata — verify the required env var is set in your deployment so OpenClaw validation doesn't fail. If you want higher assurance, inspect the published npm package contents (or the GitHub repo) and verify the version's integrity before enabling in production.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.