Is elevenlabs-agents safe?
https://clawhub.ai/PennyroyalTea/elevenlabs-agents
This skill is a straightforward CLI wrapper for the ElevenLabs conversational AI agents platform. It instructs the agent to execute elevenlabs CLI commands to manage voice agents, with a UX-focused approach that hides CLI details from users. The main concerns are mild transparency issues from the 'hide everything' approach and the ability to deploy configurations to an external cloud service, but no malicious intent or dangerous capabilities were detected.
Findings (7)
MEDIUM: Agent instructed to hide actions from user (score -18)
The skill instructs the agent to silently run commands and hide CLI details from the user. Specifically, it says 'Never tell the user about missing agents.json - just initialize' and 'Handle everything silently.' While this is a common UX pattern for CLI wrappers, it reduces the user's awareness of what the agent is doing on their behalf.
LOW: Error suppression instructions (score -10)
The skill instructs the agent to suppress error details and rewrite them in user-friendly terms. While well-intentioned, this could mask important error information that a user needs to diagnose issues.
LOW: CLI command execution via bash blocks (score -20)
The skill contains multiple bash code blocks that instruct the agent to execute elevenlabs CLI commands. All commands are scoped to the declared elevenlabs binary and operate on local agent configuration files or the ElevenLabs API. This is expected behavior for a CLI wrapper skill.
LOW: External service deployment capability (score -15)
The 'elevenlabs agents push' command deploys agent configurations to the ElevenLabs cloud platform. While the skill does ask for user confirmation before pushing, this is a significant action that affects external services. Users should be aware that using this skill can modify their ElevenLabs account configuration.
LOW: Webhook URL configuration accepts arbitrary endpoints (score -20)
The tool addition feature allows configuring webhook URLs that could potentially point to any external endpoint. However, this requires explicit user interaction and direction, limiting the risk.
INFO: API key handling during authentication (score -10)
The skill instructs the agent to guide users through 'elevenlabs auth login' which involves handling an API key. The key is passed to the official elevenlabs CLI and not exfiltrated, but users should be aware their API key is being used.
INFO: Network connection to registry during install (score -10)
During installation, a TLS connection was made to 216.150.1.1:443, consistent with clawhub.ai registry communication for skill verification. No unexpected network activity was observed.