Venice API Kit

Pass

Audited by ClawScan on May 10, 2026.

Overview

The provided artifacts show a coherent Venice AI API client, with the main cautions being admin-key power, selected-file uploads, and trust in the provider and Python dependency.

Install only if you trust this skill source and Venice AI. Use an inference-scoped key for normal generation, provide an admin key only for deliberate account-management tasks, confirm any --force deletion manually, store API keys securely, and avoid uploading sensitive files or media unless you accept Venice AI’s privacy terms.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide an admin Venice key, the agent can manage account credentials, and newly created keys may appear in chat transcripts or logs.

Why it was flagged

The skill can create Venice API keys, including admin keys, and displays the newly created secret in the agent session.

Skill content

VALID_KEY_TYPES = ["INFERENCE", "ADMIN"] ... full_key = data.get("key") ... print(f"\n    {full_key}\n", file=sys.stderr)

Recommendation

Use an inference-only key for normal generation tasks; only use an admin key for explicit admin tasks and rotate any key exposed in logs or chat.

What this means

A mistaken or over-broad agent action could delete a Venice API key and disrupt integrations that depend on it.

Why it was flagged

The delete script performs an irreversible account mutation, though it is clearly labeled and requires an explicit force flag.

Skill content

Delete an API key. This action is irreversible. ... Use --force to confirm deletion.

Recommendation

Require explicit user confirmation before running API-key deletion commands, and verify the key ID before using --force.

What this means

Selected document contents can leave the local machine and embeddings may later be reused in RAG workflows.

Why it was flagged

The embeddings tool reads a user-selected local file and sends its text to Venice to generate embeddings.

Skill content

text = Path(file_path).read_text(encoding="utf-8") ... response = client.post(f"{VENICE_BASE_URL}/embeddings", headers=headers, json=payload)

Recommendation

Only embed files you are comfortable sending to Venice, and control where embedding outputs are saved or reused.

What this means

A future dependency resolution could install a different httpx version than the one the author tested.

Why it was flagged

The Python scripts rely on the httpx package without a pinned version; this is expected for an API client but is still a supply-chain consideration.

Skill content

# dependencies = ["httpx"]

Recommendation

Prefer pinned dependencies or a lockfile when deploying in sensitive environments.

What this means

Users may rely on the provider privacy claim when deciding whether to upload sensitive prompts, documents, images, or audio.

Why it was flagged

The README makes a strong privacy claim while also advising users to verify trust in the provider before sending sensitive data.

Skill content

All with Venice.ai's privacy-focused inference (no logging, no data retention). ... Trust: Verify you trust Venice.ai before sending sensitive data

Recommendation

Review Venice AI’s current privacy and retention terms before sending sensitive data through the skill.