Skill v2.0.2
VirusTotal security
Venice API Kit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 4:20 AM
- Hash: a55f07b1d6778e0ffd4fa004cd4178c642ca1dd9927db457c7fb9cdd26b3c5b3
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: venice-api-kit. Version: 2.0.2. The skill bundle is generally well-structured and transparent, interacting solely with the stated `https://api.venice.ai` endpoint. However, the Python scripts (e.g., `image_upscale.py`, `embeddings.py`, `transcribe.py`) accept file paths via command-line arguments (`--image`, `--file`, `--output`) and directly use `pathlib.Path` to read from or write to these locations. This design introduces a path traversal vulnerability, allowing a malicious user or a compromised agent to potentially read or write arbitrary files on the host system by providing crafted paths (e.g., `../../../../etc/passwd`). While there is no evidence of intentional malicious behavior (such as exfiltration to unauthorized domains, backdoors, or obfuscation), this vulnerability elevates the classification from benign to suspicious.
