ElevenLabs Voice Pipeline

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a coherent ElevenLabs voice workflow, but its voice cloning and Telegram examples handle sensitive voice and message data without enough privacy, consent, and misuse warnings.

Review this carefully before installing. Only use voice cloning with explicit informed consent from the speaker, avoid uploading sensitive or regulated text/audio unless you have the right data-processing arrangements, and store the ElevenLabs and Telegram credentials securely.

SkillSpector (2)

By NVIDIA

Missing User Warnings

High

Confidence: 93% confidence
Finding: The voice cloning section instructs users to upload voice samples and consent documents to a third-party service but does not present clear user-facing warnings about biometric data sensitivity, impersonation risk, or the need for explicit authorization from the voice owner. In this context, the omission is security-relevant because cloned voices can be abused for fraud, social engineering, and privacy violations, and users may not realize that sensitive voiceprints are being transmitted off-platform.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The Telegram integration sends user text to ElevenLabs for synthesis and then sends generated audio to Telegram, but the skill does not clearly warn that message content and derived audio leave the local environment and are shared with external services. This can expose sensitive user content or regulated data if operators deploy the workflow without understanding the privacy boundary.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal