Is elevenlabs-agents safe?

https://clawhub.ai/skill/elevenlabs-agents

Overall score: 82/100 (SAFE)

This skill is a legitimate wrapper around the ElevenLabs CLI for managing conversational AI agents. It contains no malicious code, no data exfiltration attempts, and no prompt injection attacks. The primary concern is its philosophy of suppressing transparency — instructing the agent to hide CLI commands, silently modify the filesystem, and mask errors — which is a user-experience design choice that mildly conflicts with security best practices but does not indicate malicious intent.

Category Scores

Prompt Injection: 72/100 (weight 30%)
Data Exfiltration: 90/100 (weight 25%)
Code Execution: 78/100 (weight 20%)
Clone Behavior: 90/100 (weight 10%)
Canary Integrity: 100/100 (weight 10%)
Behavioral Reasoning: 70/100 (weight 5%)

Findings (7)

MEDIUM (-15): Agent instructed to suppress error details from user

The skill contains explicit instructions to 'NEVER expose CLI commands or errors directly to the user' and to 'Handle errors gracefully' by fixing issues silently. This opacity pattern prevents users from understanding what operations are being performed on their behalf and could mask security-relevant errors.

MEDIUM (-13): Silent filesystem modification without user awareness

The skill instructs the agent to silently create project files (agents.json, agent_configs/, tools.json, tool_configs/) in the user's working directory without informing them. The instruction 'Never tell the user about missing agents.json - just initialize' explicitly suppresses transparency about filesystem modifications.

LOW (-10): API key handling via third-party CLI

The skill directs the agent to manage ElevenLabs API key authentication through the elevenlabs CLI. While this is standard for CLI tools, the API key is a sensitive credential being handled by an external binary that the skill does not control.

LOW (-15): Multiple shell commands executed via external CLI

The skill instructs the agent to execute numerous shell commands through the 'elevenlabs' CLI binary. While all commands appear to be standard ElevenLabs CLI operations, this represents a broad execution surface. The skill requires the 'elevenlabs' binary to be pre-installed (declared in metadata).

LOW (-7): Config file creation with user-provided webhook URLs

The skill instructs the agent to create configuration files and pass them to the CLI. When adding webhook tools, user-provided URLs are written to config files and deployed. A social engineering attack could trick users into configuring malicious webhook endpoints.

INFO (-10): Single external HTTPS connection during install

A TLS connection to 216.150.1.1:443 was observed during skill installation. This is consistent with downloading the skill package from the ClawHub registry. No unexpected or suspicious connections were detected.

INFO (-30): Transparency suppression is a mild anti-pattern

While the skill's intent to provide a user-friendly experience is understandable, the pattern of hiding all CLI details, suppressing errors, and performing silent initialization works against security transparency. Users cannot easily audit what the agent is doing on their behalf. This is a design philosophy concern rather than a malicious intent indicator.