Venice Admin
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—read Venice balance, usage, and API-key metadata using a declared admin key—but that key is powerful and runtime dependencies should be trusted.
Only install and run this if you are comfortable giving the agent access to a Venice Admin API key. The code shown is coherent and read-only against Venice admin endpoints, but protect the key carefully and be aware that uv may install the httpx dependency at runtime.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
While the admin key is available, the agent can read Venice account balance, usage history, and API-key metadata.
The skill explicitly requires an elevated Venice credential and uses it for billing, usage, and API-key administration data. This matches the stated purpose, but it is still high-impact account access.
These endpoints require an **Admin API key** ... Admin keys can view billing info and manage other keys
Use a dedicated Venice admin key only when needed, keep it out of logs and shared environments, and revoke or rotate it if you no longer trust the installation.
A compromised or unexpectedly changed runtime dependency would execute in the same process that can access VENICE_API_KEY.
The script declares a runtime Python dependency without a version pin; SKILL.md also says uv run automatically installs this dependency. This is disclosed and purpose-aligned, but it adds a dependency supply-chain surface.
# dependencies = ["httpx"]
Prefer a trusted environment and consider pinning or reviewing the resolved dependency before running the skill with an admin key.