Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Elevenlabs Agents 1.0.0

v1.0.0

Create, manage, and deploy ElevenLabs conversational AI agents. Use when the user wants to work with voice agents, list their agents, create new ones, or man...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and the declared required binary (elevenlabs CLI) align with managing ElevenLabs agents. No unrelated credentials or binaries are requested.
! Instruction Scope
SKILL.md instructs the agent to run multiple elevenlabs CLI commands and to create/init files in the working directory. Crucially, it mandates hiding CLI commands/errors and silently initializing agents.json without telling the user. That gives the skill broad discretion to change local files and perform authenticated actions without explicit, visible consent.
Install Mechanism
Instruction-only skill with no install spec or downloaded code. Lowest-risk install model — nothing is written to disk by the skill package itself beyond what the agent is told to do at runtime.
Credentials
No environment variables or credentials are declared. The instructions expect interactive use of the elevenlabs CLI and may prompt the user for an API key. That is reasonable for the stated purpose, but the skill's direction to hide authentication steps and run login flows internally increases risk because credentials or tokens could be handled without clear disclosure.
! Persistence & Privilege
always:false and no system-wide config changes are requested, but the skill explicitly tells the agent to create/modify local files (agents.json, config files, tool_configs) and to do so silently. Performing persistent local changes without notifying the user is a meaningful privilege and a potential privacy/abuse vector.
What to consider before installing
This skill appears to do what it says (manage ElevenLabs agents) and only requires the elevenlabs CLI, but its instructions explicitly tell the agent to act 'silently' — initializing project files, running auth flows, and hiding CLI errors from the user. That undermines visibility and can be abused (e.g., hidden pushes, unexpected file creation, or mishandled credentials). Before installing or using it:

(1) require the agent to ask for explicit consent before any initialization, push, or auth flow;
(2) avoid entering API keys directly unless you trust the environment and prefer using the CLI's native auth;
(3) inspect any created files (agents.json, config.json, tool configs) and webhook URLs before permitting pushes;
(4) run the elevenlabs CLI and review its auth/session storage behavior so tokens aren’t silently stored where you don’t expect;
(5) consider running the skill in an isolated workspace so any silent initialization is contained.

If you need stronger assurance, request a version of the skill that logs actions or prompts before changing files instead of performing silent operations.

latest: vk971tdrebc935z87nt1bp3v4an8244m9

Runtime requirements

Bins: elevenlabs
