OpenClaw TTS Voice Switch

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it helps change OpenClaw's ElevenLabs TTS voice, with some normal but sensitive handling of local config and API credentials.

Install only if you are comfortable with the skill editing your OpenClaw TTS config, restarting the gateway, and using your ElevenLabs API key to list account voices. Prefer an existing config or protected environment variable for the key, avoid pasting secrets into chat or command arguments, and keep the generated backup in case you need to restore the previous TTS settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium, 86% confidence
Finding
The skill is described as locally switching voices by editing config and restarting a gateway, but this script also reaches out to ElevenLabs over the network to enumerate available voices. That mismatch matters because users may not expect external connectivity or credential-backed API use from a skill presented as a local configuration helper.

Missing User Warnings

Medium, 89% confidence
Finding
The skill allows an optional `apiKey` to be passed on the command line without warning about secret handling. Command-line arguments can be exposed through shell history, process listings, logs, telemetry, or agent transcripts, so this pattern risks credential disclosure even if the underlying script behaves correctly.

Missing User Warnings

Medium, 78% confidence
Finding
The script reads sensitive API credentials from both local config and environment variables without any visible disclosure or confirmation to the user. While the key is not printed, silent credential harvesting from multiple sources reduces transparency and can violate user expectations in an agent skill context.

Missing User Warnings

Medium, 89% confidence
Finding
The script sends a request to an external service using a locally sourced API key, but there is no user-facing notice that running the script will contact ElevenLabs. In an agent-skill setting, undisclosed external transmission is security-relevant because users may assume the skill only performs local configuration changes.

Missing User Warnings

Medium, 91% confidence
Finding
The script accepts an ElevenLabs API key as a positional command-line argument and then writes it into a persistent config file. Command-line arguments are commonly exposed through shell history, process listings, audit logs, and orchestration tooling, so this handling can leak credentials to other local users or operational logs.

VirusTotal

64/64 vendors flagged this skill as clean.
