LiveKit Voice AI

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent instruction-only LiveKit voice AI guide, but users should notice it involves third-party API keys, provider data flows, package installs, and optional telephony actions.

This skill appears safe as an instruction-only development guide. Before using it, confirm which providers will receive audio or transcripts, protect API keys, avoid committing secrets, review billing implications, and add explicit approval controls before enabling outbound phone calls or production deployments.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the examples may require credentials that can access paid cloud services or provider accounts.

Why it was flagged

The skill documents use of LiveKit and provider credentials. This is expected for the stated integration, but users should treat these as sensitive account credentials.

Skill content

LIVEKIT_API_KEY=your-api-key
LIVEKIT_API_SECRET=your-api-secret

# Provider keys ...
OPENAI_API_KEY=
DEEPGRAM_API_KEY=
CARTESIA_API_KEY=
ELEVENLABS_API_KEY=

Recommendation

Use least-privilege API keys, keep them out of shared logs or code, rotate them if exposed, and confirm provider billing and permissions before use.

What this means

Voice conversations or transcripts may be processed by third-party providers depending on the configuration.

Why it was flagged

The example connects speech-to-text, LLM, and text-to-speech providers, implying voice audio, transcripts, or generated responses may flow through external services.

Skill content

session = AgentSession(
        stt=deepgram.STT(),
        llm=openai.LLM(model="gpt-4.1-mini"),
        tts=cartesia.TTS(),
    )

Recommendation

Review each provider's privacy, retention, and logging settings before handling confidential conversations.

What this means

If adapted into an agent without safeguards, it could place calls or use telephony resources unexpectedly.

Why it was flagged

The telephony example shows how to initiate an outbound SIP call. This is purpose-aligned, but real calls can contact people and incur charges.

Skill content

await lk_api.sip.create_sip_participant(
    api.CreateSIPParticipantRequest(
        sip_trunk_id="trunk-id",
        sip_call_to="+15551234567",

Recommendation

Require explicit user approval, validate destination numbers, and set cost/rate limits before enabling outbound calling.

What this means

Installing packages may bring in third-party code and dependencies that are outside this skill's artifact set.

Why it was flagged

The quick start recommends installing external packages without pinned versions. This is normal for a setup guide, but it delegates trust to package registries.

Skill content

pip install livekit-agents livekit-plugins-openai livekit-plugins-deepgram livekit-plugins-cartesia

# Or Node.js
npm install @livekit/agents @livekit/agents-plugin-openai

Recommendation

Install from trusted registries, consider pinning versions, and review dependency provenance for production use.