
Security audit

elevenlabs-tts-api

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SkillBoss ElevenLabs integration, but installing it may enable a much broader third-party API gateway than a text-to-speech skill normally needs.

Install only if you intend to use SkillBoss as a broader API gateway, not just ElevenLabs TTS. Use a low-quota or scoped key if available, inspect the remote setup before running it, and require explicit confirmation before sending sensitive text or using any non-TTS capability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch
Medium (94% confidence)
Finding: The skill is labeled and marketed as a narrow ElevenLabs TTS integration, but the setup text expands it into a general-purpose gateway for hundreds of unrelated APIs. This is dangerous because it obscures the true permission and capability scope, increasing the chance that a user or agent enables far broader access than intended.

Context-Inappropriate Capability
Medium (96% confidence)
Finding: Advertising scraping, social data, search, email, and unrelated model families inside a TTS skill materially broadens the operational scope beyond the user's likely expectation. That mismatch can cause over-privileged installation and unintended use of sensitive capabilities through a credential introduced under the pretense of simple text-to-speech access.

Intent-Code Divergence
Low (83% confidence)
Finding: The examples claim to show TTS usage, but the payload and prompt look like generic text/image inference rather than speech synthesis, which is misleading documentation. Misrepresentation of API behavior can cause agents to invoke the service incorrectly, mishandle outputs, or trust the skill for functions it does not clearly implement.

Vague Triggers
Medium (86% confidence)
Finding: The invocation guidance says to use the skill whenever the user needs "elevenlabs api", which is overly broad and lacks boundaries around approved operations. Broad trigger wording can cause agents to select this third-party gateway by default even when a narrower, direct, or safer integration would be more appropriate.

Missing User Warnings
Medium (95% confidence)
Finding: The setup instructions encourage installation and API key configuration without warning that the credential may unlock a much larger API surface. This is dangerous because users may provide and store a powerful token under the assumption they are enabling only a single TTS capability, creating avoidable credential-scope and misuse risk.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.