Venice AI Media

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its stated Venice AI media purpose, but it uses your Venice API key, sends selected prompts/media to Venice, and can consume paid API credits.

This is reasonable to install if you intend to use Venice AI and are comfortable sending selected media/prompts to Venice. Use a dedicated API key, watch credit usage, use quote options before expensive video jobs, and avoid processing sensitive private media unless Venice's data handling is acceptable to you.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the Venice account associated with the API key and may consume credits for generated media.

Why it was flagged

The skill reads a Venice API key from the environment or its scoped Clawdbot config entry to authenticate API calls.

Skill content

api_key = os.environ.get("VENICE_API_KEY", "").strip() ... config.get("skills", {}).get("entries", {}).get("venice-ai-media", {}).get("env", {}).get("VENICE_API_KEY", "")

Recommendation

Use a dedicated or revocable Venice API key, keep the config private, and monitor account usage.

What this means

Images, prompts, and similar media inputs you provide may leave your machine for processing by Venice.

Why it was flagged

For image editing, local image bytes and the edit prompt are packaged and sent to the Venice API.

Skill content

image_data = image_path.read_bytes() ... url = f"{API_BASE}/image/edit" ... body.write(prompt.encode())

Recommendation

Only process media and prompts you are comfortable sending to Venice, and review Venice's privacy and retention terms for sensitive content.

What this means

Users have less provenance context for who maintains the code outside the registry package.

Why it was flagged

The registry metadata does not identify an upstream source repository, even though the reviewed package includes its script files.

Skill content

Source: unknown

Recommendation

Install only from a trusted ClawHub listing and re-review code or changelogs on updates.

What this means

If gallery pages are generated from untrusted prompt text and opened in a browser, embedded HTML or script-like content could render unexpectedly.

Why it was flagged

The gallery helper writes prompt text directly into an HTML file without visible HTML escaping.

Skill content

<figcaption>{it['prompt'][:100]}{'...' if len(it['prompt']) > 100 else ''}</figcaption> ... (out_dir / "index.html").write_text(html, encoding="utf-8")

Recommendation

Escape prompt and filename values before writing HTML galleries, and avoid opening generated gallery HTML from untrusted prompts.