Trust Assessment
elevenlabs received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 3 critical, 4 high, 7 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 6/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/elevenlabs-skill/scripts/dialogs.py:185 |
| CRITICAL | **Arbitrary command execution** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/elevenlabs-skill/scripts/sfx.py:169 |
| CRITICAL | **Arbitrary file upload to API via --files** The `scripts/voiceclone.py` script accepts one or more file paths via the `--files` argument. It then reads the binary content of these specified files (`open(path, "rb")`) and uploads them as part of a multipart form data request to the ElevenLabs voice cloning API. An attacker who can control the `--files` argument could specify paths to any readable file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, sensitive documents, or even large binary files), leading to their content being exfiltrated to the ElevenLabs service. This poses a significant risk for sensitive data leakage. Implement strict validation for file paths provided to `--files`. Consider restricting file access to a specific, sandboxed directory or requiring explicit user confirmation for each file if the skill is intended to operate on arbitrary user-selected files. Ensure the skill's execution environment is properly sandboxed to limit filesystem access. | LLM | scripts/voiceclone.py:80 |
| HIGH | **Dangerous call: subprocess.run()** Call to 'subprocess.run()' detected in function 'split_by_speakers'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/odrobnik/elevenlabs-skill/scripts/dialogs.py:185 |
| HIGH | **Dangerous call: subprocess.run()** Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/odrobnik/elevenlabs-skill/scripts/sfx.py:169 |
| HIGH | **Potential data exfiltration: file read + network send** Function 'clone_voice' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/odrobnik/elevenlabs-skill/scripts/voiceclone.py:87 |
| HIGH | **Arbitrary file read and API upload via --composition-plan** The `scripts/music.py` script allows specifying a path to a JSON file via the `--composition-plan` argument. The content of this file is read from the local filesystem (`Path(args.composition_plan).read_text()`) and then included in the `composition_plan` field of the payload sent to the ElevenLabs music API. An attacker who can control the `--composition-plan` argument could specify a path to any readable file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), leading to its content being read and potentially exfiltrated to the ElevenLabs service. Implement strict validation for file paths provided to `--composition-plan`. Consider restricting file access to a specific, sandboxed directory or requiring explicit user confirmation for each file if the skill is intended to operate on arbitrary user-selected files. Ensure the skill's execution environment is properly sandboxed to limit filesystem access. | LLM | scripts/music.py:115 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/dialogs.py:35 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/music.py:29 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/quota.py:21 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/sfx.py:16 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/speech.py:16 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/voiceclone.py:17 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/elevenlabs-skill/scripts/voices.py:13 |