Back to skill
Skillv1.0.1
VirusTotal security
Venice Admin · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:15 AM
- Hash
- 249e4d59dfcfc641b4813cb0148c3b7d4e5767b4a7338094e9dc1c5298879735
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: venice-admin Version: 1.0.1 The skill bundle appears to be designed for its stated purpose of Venice AI account administration. However, the `scripts/usage.py` script includes an `--output` argument that allows writing the usage history to an arbitrary file path specified by the user. While this is a common feature, the `Path(output_file).resolve()` call means an agent, if susceptible to prompt injection, could be instructed to write data to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) or other unintended locations. This capability represents a file write vulnerability that could be exploited via prompt injection, classifying the skill as suspicious rather than benign, despite the lack of clear malicious intent within the skill's code itself.
- External report
- View on VirusTotal