Skill Trust Decision

elevenlabs-toolkit

The ElevenLabs voice API toolkit reads an undeclared MISTRAL_API_KEY environment variable: SKILL.md declares only ELEVENLABS_API_KEY, but the code also calls the Mistral API for its conversation-enhancement feature. This is a documentation/behaviour mismatch.

Install decision first · Source: ClawHub · Scanned: May 1, 2026
Files 2
Artifacts 3
Violations 1
Findings 2
Why this conclusion was reached

1/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Review
Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

3 dependency or supply-chain issues need attention.

What drove the risk score up

Undeclared environment variable access +20

The code reads MISTRAL_API_KEY, but SKILL.md declares only ELEVENLABS_API_KEY.

Documentation/behaviour mismatch +15

The story_concierge feature uses a third-party API integration that is not declared.

Most important evidence

Medium Doc Mismatch

Undeclared environment variable dependency

The SKILL.md metadata declares only ELEVENLABS_API_KEY as a required environment variable, but scripts/elevenlabs_api.py line 162 also reads MISTRAL_API_KEY for the story_concierge conversation-enhancement feature.

scripts/elevenlabs_api.py:162
Add MISTRAL_API_KEY to the requires.env array in SKILL.md, or make the Mistral integration optional and guard it with a conditional check that handles the missing variable.
Low Doc Mismatch

Security note does not match the code

The SKILL.md security note claims that audio data is base64-encoded, but elevenlabs_api.py takes the raw bytes from r.content with no base64 handling.

SKILL.md:33
Remove or correct the base64 description in the security note so that it matches the code.

Declared capability vs actual capability

Network Pass
Declared READ
Inferred READ
SKILL.md declares outbound calls to elevenlabs.io
Environment Block
Declared READ
Inferred READ
scripts/elevenlabs_api.py:162 - additionally reads MISTRAL_API_KEY
Filesystem Pass
Declared NONE
Inferred NONE
No file write operations
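The environment finding above (MISTRAL_API_KEY read at scripts/elevenlabs_api.py:162 while SKILL.md declares only ELEVENLABS_API_KEY) is mechanically checkable before install. The script below is an added example, not part of this report or of the elevenlabs-toolkit skill: it pulls the `requires: env:` list out of the SKILL.md frontmatter (the YAML-style frontmatter layout is an assumption based on this report's wording) and walks the Python AST for `os.environ[...]`, `os.environ.get(...)` and `os.getenv(...)` reads, reporting every name that is not declared. The SKILL.md and script contents embedded in it are constructed to reproduce the pattern flagged here; it does not run the real skill code.

```python
import ast
import re
from typing import Iterable

# Constructed sample SKILL.md frontmatter (assumed YAML-style `requires: env:` list).
SAMPLE_SKILL_MD = """\
---
name: elevenlabs-toolkit
requires:
  env:
    - ELEVENLABS_API_KEY
---
# ElevenLabs toolkit
...
"""

# Constructed sample script reproducing the flagged pattern:
# one declared key is read, one undeclared key is read.
SAMPLE_SCRIPT = """\
import os
from mistralai import Mistral

API_KEY = os.environ["ELEVENLABS_API_KEY"]

def story_concierge(prompt):
    client = Mistral(api_key=os.getenv("MISTRAL_API_KEY"))
    return client
"""

ENV_ITEM = re.compile(r"^\s*-\s*([A-Za-z_][A-Za-z0-9_]*)\s*$")


def declared_env(skill_md: str) -> set[str]:
    """Return the names listed under `requires: env:` in the frontmatter (assumed layout)."""
    m = re.match(r"^---\n(.*?)\n---", skill_md, re.S)
    if not m:
        return set()
    names, in_env = set(), False
    for line in m.group(1).splitlines():
        if re.match(r"^\s*env\s*:\s*$", line):
            in_env = True
            continue
        if in_env:
            item = ENV_ITEM.match(line)
            if item:
                names.add(item.group(1))
            else:
                in_env = False  # first non-list line closes the env block
    return names


def _is_os_member(node: ast.AST, name: str) -> bool:
    """True for `os.<name>` or a bare `<name>` (as after `from os import <name>`)."""
    if isinstance(node, ast.Attribute):
        return node.attr == name and isinstance(node.value, ast.Name) and node.value.id == "os"
    return isinstance(node, ast.Name) and node.id == name


def _const_str(node: ast.AST):
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else None


def accessed_env(source: str) -> dict[str, int]:
    """Map each env var name read via a string literal to the first line that reads it.

    Requires Python 3.9+ (subscript slice is the expression itself).
    """
    found: dict[str, int] = {}
    for node in ast.walk(ast.parse(source)):
        name = None
        if isinstance(node, ast.Subscript) and _is_os_member(node.value, "environ"):
            name = _const_str(node.slice)          # os.environ["KEY"]
        elif isinstance(node, ast.Call) and node.args:
            f = node.func
            if _is_os_member(f, "getenv") or (    # os.getenv("KEY")
                isinstance(f, ast.Attribute) and f.attr == "get" and _is_os_member(f.value, "environ")
            ):                                      # os.environ.get("KEY")
                name = _const_str(node.args[0])
        if name and name not in found:
            found[name] = node.lineno
    return found


def undeclared_env(skill_md: str, sources: Iterable[str]) -> dict[str, int]:
    """Env var reads in `sources` that SKILL.md does not declare, with the line of first use."""
    declared = declared_env(skill_md)
    out: dict[str, int] = {}
    for src in sources:
        for name, line in accessed_env(src).items():
            if name not in declared and name not in out:
                out[name] = line
    return out


if __name__ == "__main__":
    for name, line in undeclared_env(SAMPLE_SKILL_MD, [SAMPLE_SCRIPT]).items():
        print(f"undeclared env read: {name} (line {line})")
```

The check only sees string-literal reads; a key assembled at runtime (for example `os.getenv(prefix + "_API_KEY")`) would slip past it and needs a dynamic check, such as running the skill with an instrumented environment mapping and diffing the names it touches against the declaration.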

Suspicious artifacts and egress

Medium External URL
https://api.elevenlabs.io/v1/voices

SKILL.md:89

Medium External URL
https://api.elevenlabs.io/v1/user/subscription

SKILL.md:227

Medium External URL
https://api.elevenlabs.io/v1

scripts/elevenlabs_api.py:13

Dependencies and supply chain

Package     Version   Source  Known vuln  Notes
httpx       unpinned  pip     No          Imported by the code; no version pin
fastapi     unpinned  pip     No          Imported by the code; no version pin
websockets  unpinned  pip     No          Needed for WebSocket streaming; no version pin
mistralai   unpinned  pip     No          Hidden dependency, not declared in SKILL.md

File composition

2 files · 448 lines
Markdown 1 file · 267 lines
Python 1 file · 181 lines
Files of concern · 2
SKILL.md Markdown · 267 lines
Security note does not match the code · https://api.elevenlabs.io/v1/voices · https://api.elevenlabs.io/v1/user/subscription
scripts/elevenlabs_api.py Python · 181 lines
Undeclared environment variable dependency · https://api.elevenlabs.io/v1

Security positives

Code is clearly structured, with no obfuscation or hidden execution logic
No reverse shell or remote code execution
Network requests go only to the official ElevenLabs API domain
Dependencies are standard, widely used libraries (httpx, fastapi)
API keys are used only to call their respective services; no exfiltration observed