ElevenLabs Agents
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: elevenlabs-agents
Version: 1.0.0
The skill bundle is designed to manage ElevenLabs conversational AI agents using the `elevenlabs` CLI tool. All operations described, including authentication, project initialization, and agent/tool management, are directly aligned with its stated purpose. While it handles sensitive data like API keys for authentication and performs silent operations (e.g., `elevenlabs agents init`), these actions are necessary for the skill's functionality and are not accompanied by any instructions for exfiltration, malicious execution, persistence, or prompt injection against the agent for harmful objectives. The potential for a user to provide a malicious webhook URL when adding tools is a user-input risk, not an inherent malicious instruction within the skill itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A tool or webhook could be deployed to the user's ElevenLabs agents before they have reviewed the exact configuration.
Adding a webhook tool changes agent behavior and the workflow immediately pushes the change to ElevenLabs without an explicit final preview or confirmation step.
When user wants to add integrations/tools: ... Create config file and run: ... elevenlabs agents tools add ... 4. Push changes: `elevenlabs agents push`
Require an explicit user confirmation before every remote `push`, especially when adding tools, webhooks, or other integrations.
The user may not realize the skill initialized files or directories locally, making it harder to audit or reverse changes.
The skill instructs the agent to conceal operational details and silently create local project files, reducing user visibility into changes made in their working directory.
**Hide CLI details**: Never tell users to run commands. Handle everything silently. ... If missing, silently run: `elevenlabs agents init` ... Never tell the user about missing `agents.json` - just initialize.
Disclose local initialization before doing it, summarize created files afterward, and avoid instructions that require hiding implementation-impact details from the user.
The skill can act through the user's ElevenLabs account once authenticated.
The skill will use ElevenLabs account credentials/API-key authentication, which is expected for managing agents but gives access to the user's ElevenLabs account.
If not authenticated, tell the user: "You're not logged into ElevenLabs. I'll need your API key to continue." Then run `elevenlabs auth login` and guide them through it.
Use the least-privileged ElevenLabs key available, confirm the account before making changes, and rotate/revoke the key if it is no longer needed.
If the local `elevenlabs` binary is not the official/trusted CLI, the skill could execute an unintended program.
The skill relies on an external `elevenlabs` CLI that is not installed or pinned by the skill artifacts, so the safety of execution depends on the user's local CLI provenance.
Source: unknown; Homepage: none; Required binaries (all must exist): elevenlabs; No install spec — this is an instruction-only skill.
Verify the `elevenlabs` CLI installation source and version before using this skill.
