ElevenLabs Voices

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ElevenLabs voice skill, but it needs review because its credential guidance is inconsistent and its output paths can write outside the intended folder.

Install only if you are comfortable sending selected text, sound prompts, and your ElevenLabs API key to ElevenLabs. Use a dedicated API key with quota limits, prefer environment variables over plaintext config files, avoid sensitive content, and be careful with batch files or output paths because they can write files outside the intended output folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium, 91% confidence
Finding
The skill claims the API key is stored only in config.json and never leaves the machine, but later instructs users to provide it via environment variables or a local .env file. Contradictory secret-handling guidance can cause users to misjudge exposure, mishandle credentials, or commit secrets if .env is not protected as carefully as claimed.

Vague Triggers

Medium, 87% confidence
Finding
The trigger phrases are generic natural-language patterns such as 'list voices' and 'generate sound effect' without clear activation boundaries. In an agent environment, broad triggers increase the chance of accidental invocation from ordinary conversation, which can lead to unintended file writes, API calls, or billable requests.

Missing User Warnings

Medium, 95% confidence
Finding
The documentation shows a configuration block containing an API key field in a user config file without any accompanying guidance on secret handling. Even though the value is placeholder-like, examples in agent skills are often copied verbatim, which can normalize storing credentials in plaintext configs, pasting them into chats, or checking them into version control.

Missing User Warnings

Medium, 92% confidence
Finding
The script sends arbitrary user-provided text to a third-party cloud service without an explicit warning or consent checkpoint at the point of use. If users supply sensitive prompts, personal data, or confidential material, that data will be transmitted off-host for processing, creating privacy and compliance risk in contexts where local-only handling is expected.

Ssd 3

Medium, 97% confidence
Finding
Including a live-looking secret format such as "sk-xxxxx" in plain text documentation can encourage unsafe credential handling and accidental exposure through copied configs, prompts, screenshots, or support tickets. In an agent ecosystem, users may paste such examples into shared contexts, increasing the chance that real keys are later substituted and leaked.

VirusTotal

64/64 vendors flagged this skill as clean.