ElevenLabs Voices
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: elevenlabs-voices Version: 2.1.6 The OpenClaw AgentSkills bundle for ElevenLabs Voices appears to be a legitimate wrapper for the ElevenLabs API, providing text-to-speech, sound effects, and voice design functionalities. It correctly handles API keys via environment variables or a local `.env` file and communicates exclusively with the official ElevenLabs API endpoints. However, the `scripts/sfx.py`, `scripts/tts.py`, and `scripts/voice-design.py` scripts are vulnerable to path traversal. User-provided arguments for `--output` and the `output` field in batch JSON files are used directly to construct file paths for saving audio, without apparent sanitization. This could allow a malicious actor to write files to arbitrary locations on the filesystem (e.g., `../../../../tmp/malicious.mp3`), posing a significant risk of arbitrary file write, which is classified as a vulnerability rather than intentional malice.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the API key is safer than it is, store it in a project directory, or accidentally commit it.
This is an overbroad privacy assurance for a provider API integration: the scripts use the key to authenticate to ElevenLabs, and the provided manifest does not include a .gitignore file to support the git-exclusion claim.
**🔒 Privacy:** Your API key is stored locally in `config.json` only. It never leaves your machine and is automatically excluded from git via `.gitignore`.
Clarify that the key is sent to ElevenLabs for authentication, include or document a real .gitignore entry for config.json/.env, and advise users to protect the key like a paid account credential.
Generated speech or batch jobs may consume ElevenLabs credits or incur charges under the configured account.
The skill uses an ElevenLabs API key to make authenticated requests, which is expected for the stated purpose but gives access to paid account quota.
"headers = {\n \"xi-api-key\": api_key,\n \"Content-Type\": \"application/json\",\n \"Accept\": \"audio/mpeg\"\n }"Use a dedicated ElevenLabs key if possible, monitor quota/costs, and avoid sharing the local config or .env file.
Any text or batch file content the user chooses to synthesize is transmitted to ElevenLabs.
The script sends user-provided text to the ElevenLabs text-to-speech API, which is central to the skill but means selected text leaves the local environment.
"payload = {\n \"text\": text,\n \"model_id\": \"eleven_multilingual_v2\",Do not synthesize secrets, private documents, or sensitive customer data unless that use is acceptable under your ElevenLabs account and data policies.
Sensitive prompt descriptions could remain on disk in the skill directory.
Sound-effect prompts are retained locally in .usage.json for usage tracking, so prompt text can persist after generation.
"usage[\"sfx_sessions\"].append({\n \"timestamp\": datetime.now().isoformat(),\n \"duration\": duration,\n \"prompt\": prompt[:100]\n })"Avoid putting sensitive details in SFX prompts, or periodically delete .usage.json if local history retention is not desired.