ElevenLabs STT OpenClaw

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If live TTS is used, sensitive words spoken into the microphone may be converted into audio files that remain on disk after the session.

Why it was flagged

The live TTS path saves synthesized speech to a temporary MP3 with delete=False and the provided code does not remove it after playback.

Skill content

tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".mp3") ... subprocess.Popen(["afplay", tmp.name])

Recommendation

Use --tts none for sensitive sessions, or update the helper to delete the temporary MP3 after playback and on error paths.

What this means

Microphone audio and resulting transcripts can leave the device when realtime or live listener modes are used.

Why it was flagged

The realtime listener captures microphone audio and streams it to ElevenLabs over WebSocket using the user's API key.

Skill content

ffmpeg_cmd = [ ... "-f", "avfoundation", "-i", DEVICE, ... "pipe:1" ] ... websocat", WS_URL, "-t", "-H", f"xi-api-key: {API_KEY}"

Recommendation

Run live modes only when you intend to stream microphone audio to ElevenLabs, avoid always-on mode for sensitive environments, and verify any webhook configuration.

What this means

The skill can make requests against the user's ElevenLabs account and may incur account usage or cost.

Why it was flagged

The script uses the user's ElevenLabs API key to call the ElevenLabs API, which is expected for this provider integration.

Skill content

API_KEY="${ELEVENLABS_API_KEY:-}" ... -H "xi-api-key: $API_KEY"

Recommendation

Use an API key intended for this purpose, store it securely, and rotate it if exposed.

What this means

Users have less external context for verifying the publisher or project history.

Why it was flagged

The provided package includes source files and no remote installer, but external provenance information is limited.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Review the included scripts before use and install required binaries from trusted package sources.