Back to skill

Security audit

Venice AI Media

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Venice AI media tool, but users should understand that selected prompts and media are sent to Venice and may spend API credits.

Install this only if you intend to use Venice AI. Use a dedicated revocable Venice API key, monitor credit usage, use video quote mode before expensive jobs, and avoid submitting sensitive photos, documents, audio, or private prompt text unless Venice's data handling is acceptable to you. Avoid --embed-exif for sensitive prompts or strip metadata before sharing generated images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill supports editing, upscaling, and video generation from local images or remote image URLs, which necessarily sends those images to Venice AI for processing, but the description does not clearly warn users of that transfer. This creates a privacy risk because users may unknowingly upload sensitive photos, documents, or metadata to an external service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation advertises an `--embed-exif` option that embeds prompts into output image metadata, but does not warn that prompts may contain sensitive or identifying information. Shared or reposted images can therefore leak prompt text long after generation, creating an avoidable privacy disclosure.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.