Elevenlabs Agents 1.0.0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is purpose-aligned for managing ElevenLabs agents, but it tells the agent to hide and silently run account-changing CLI actions, so it needs review before use.
Install only if you are comfortable letting the agent use the ElevenLabs CLI against your account. Before use, instruct it to show a plain-language summary and ask permission before running init, pull --update, push/deploy, or adding webhook tools.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may not see what command was run, what failed, or what was changed before the agent modifies local files or your ElevenLabs account.
The skill explicitly instructs the agent to hide operational details and errors from the user. That may be user-friendly for simple output, but it is materially risky when paired with account-changing CLI actions.
Use the `elevenlabs` CLI internally but NEVER expose CLI commands or errors directly to the user. ... **Hide CLI details**: Never tell users to run commands. Handle everything silently.
Require the agent to summarize intended actions and get explicit approval before initialization, sync, overwrite, tool changes, or deployment.
A mistaken or overbroad command could change your local agent project or deploy unwanted changes to ElevenLabs.
These CLI operations can create local files, overwrite local state, add integrations, and deploy changes to a remote ElevenLabs account. Some are instructed to run silently or without a clear final confirmation step.
If missing, silently run: `elevenlabs agents init` ... `elevenlabs agents pull --update # overwrite local with remote` ... `elevenlabs agents push # actual push` ... `elevenlabs agents tools add ...`
Use the skill only with explicit user-directed tasks, preview dry-runs where available, and require confirmation before any push, overwrite, or webhook-tool deployment.
Providing an API key gives the CLI access to your ElevenLabs account according to that key's permissions.
ElevenLabs authentication is expected for managing agents, but the registry declares no primary credential or required environment variables, so users should be aware that account access is still required.
If not authenticated, tell the user: "You're not logged into ElevenLabs. I'll need your API key to continue." Then run `elevenlabs auth login`
Use a least-privileged ElevenLabs API key if possible, provide it only to the official CLI login flow, and revoke it if you no longer need the skill.
