ElevenLabs Voices
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its ElevenLabs voice-generation purpose, but it makes overstated privacy claims while collecting and storing an API key locally.
Review the API-key handling before installing. Prefer setting the key through a protected environment variable or carefully permissioned .env file, confirm config.json and .env are excluded from version control, and avoid sending sensitive text or prompts to ElevenLabs unless you intend to share them with that provider.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the API key is safer than it is, store it in a project directory, or accidentally commit it.
This is an overbroad privacy assurance for a provider API integration: the scripts use the key to authenticate to ElevenLabs, and the provided manifest does not include a .gitignore file to support the git-exclusion claim.
**🔒 Privacy:** Your API key is stored locally in `config.json` only. It never leaves your machine and is automatically excluded from git via `.gitignore`.
Clarify that the key is sent to ElevenLabs for authentication, include or document a real .gitignore entry for config.json/.env, and advise users to protect the key like a paid account credential.
Generated speech or batch jobs may consume ElevenLabs credits or incur charges under the configured account.
The skill uses an ElevenLabs API key to make authenticated requests, which is expected for the stated purpose but gives access to paid account quota.
"headers = {\n \"xi-api-key\": api_key,\n \"Content-Type\": \"application/json\",\n \"Accept\": \"audio/mpeg\"\n }"Use a dedicated ElevenLabs key if possible, monitor quota/costs, and avoid sharing the local config or .env file.
Any text or batch file content the user chooses to synthesize is transmitted to ElevenLabs.
The script sends user-provided text to the ElevenLabs text-to-speech API, which is central to the skill but means selected text leaves the local environment.
"payload = {\n \"text\": text,\n \"model_id\": \"eleven_multilingual_v2\",Do not synthesize secrets, private documents, or sensitive customer data unless that use is acceptable under your ElevenLabs account and data policies.
Sensitive prompt descriptions could remain on disk in the skill directory.
Sound-effect prompts are retained locally in .usage.json for usage tracking, so prompt text can persist after generation.
"usage[\"sfx_sessions\"].append({\n \"timestamp\": datetime.now().isoformat(),\n \"duration\": duration,\n \"prompt\": prompt[:100]\n })"Avoid putting sensitive details in SFX prompts, or periodically delete .usage.json if local history retention is not desired.