ElevenLabs MCP Is Awesome… But It Reveals a Risk in All MCPs

In this video, I explore the official ElevenLabs MCP server and discover a concerning permission issue that applies to all MCPs. After cloning my voice in a previous video (linked below), I'm now pairing it with ElevenLabs' official MCP server to create audio content. While the tool works amazingly well, I discovered something concerning - it writes files to my local system without explicitly asking for permission or mentioning this capability in its documentation. I run the server through my MCP Evaluator tool (linked below) to verify this behavior, revealing important security considerations even for official, trustworthy company servers. ⏱️ TIMESTAMPS: 00:00 - Introduction and previous voice cloning recap 00:16 - My initial hesitation with voice/face cloning 00:28 - Using the ElevenLabs MCP server 00:42 - Creating an intro with my cloned voice 01:22 - Security concern: Unauthorized file system access 02:08 - Running the MCP Evaluator test 02:27 - Evaluation results and security findings 03:31 - Why we should check all MCP servers 03:58 - Other capabilities of the ElevenLabs MCP 04:25 - Closing thoughts 🔗 LINKS: Book a call with me: https://cal.com/jeredblu Voice Cloning Video: https://www.youtube.com/watch?v=DL2kPsxMLyM MCP Security Video: https://www.youtube.com/watch?v=LYUDUOevtqk MCP Evaluator Tool: https://github.com/JeredBlu/custom-instructions/blob/main/mcpevaluatorv3.md #AI #ElevenLabs #MCP #VoiceCloning #AISecurity #ModelContextProtocol #AITools #AIRisks #AIPrivacy #AIPermissions