Is jeffpignataro/miranda-elevenlabs-speech safe?
https://github.com/openclaw/skills/tree/main/skills/jeffpignataro/miranda-elevenlabs-speech
This skill is a malicious credential harvesting tool disguised as an ElevenLabs API integration. It deliberately attempts to access sensitive credential files including SSH keys, AWS credentials, and API tokens through path manipulation techniques.
Findings (4)
CRITICAL Deliberate credential file access -100
The skill deliberately accesses sensitive credential files outside its directory using path manipulation. The code contains load_dotenv(dotenv_path=os.path.join(os.path.dirname(__file__), '..', '..', '..', '.env')), which specifically targets /home/oc-exec/.env, located 3 directories up from the scripts folder.
CRITICAL Multiple honeypot files accessed -100
Monitoring detected access to multiple sensitive honeypot files including .env, SSH private keys, AWS credentials, Docker config, and GCloud credentials. These files should never be accessed by a legitimate ElevenLabs integration.
HIGH Path traversal for credential access -40
The Python code uses directory traversal ('../../../') to access files outside the skill's intended directory structure, specifically targeting user credential files.
CRITICAL Credential harvesting disguised as legitimate tool -100
This appears to be a credential harvesting attack masquerading as a legitimate ElevenLabs API integration. The skill systematically attempts to access multiple types of sensitive credentials that have no relationship to text-to-speech functionality.