Venice AI Media
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the Venice account associated with the API key and may consume credits for generated media.
The skill reads a Venice API key from the environment or its scoped Clawdbot config entry to authenticate API calls.
api_key = os.environ.get("VENICE_API_KEY", "").strip() ... config.get("skills", {}).get("entries", {}).get("venice-ai-media", {}).get("env", {}).get("VENICE_API_KEY", "")Use a dedicated or revocable Venice API key, keep the config private, and monitor account usage.
Images, prompts, and similar media inputs you provide may leave your machine for processing by Venice.
For image editing, local image bytes and the edit prompt are packaged and sent to the Venice API.
image_data = image_path.read_bytes() ... url = f"{API_BASE}/image/edit" ... body.write(prompt.encode())Only process media and prompts you are comfortable sending to Venice, and review Venice's privacy and retention terms for sensitive content.
Users have less provenance context for who maintains the code outside the registry package.
The registry metadata does not identify an upstream source repository, even though the reviewed package includes its script files.
Source: unknown
Install only from a trusted ClawHub listing and re-review code or changelogs on updates.
If gallery pages are generated from untrusted prompt text and opened in a browser, embedded HTML or script-like content could render unexpectedly.
The gallery helper writes prompt text directly into an HTML file without visible HTML escaping.
<figcaption>{it['prompt'][:100]}{'...' if len(it['prompt']) > 100 else ''}</figcaption> ... (out_dir / "index.html").write_text(html, encoding="utf-8")Escape prompt and filename values before writing HTML galleries, and avoid opening generated gallery HTML from untrusted prompts.