Trust Assessment
venice-ai-media received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 0 critical, 2 high, 5 medium, and 1 low severity. Key findings include "Suspicious import: urllib.request", "SSRF and Local File Disclosure via User-Controlled Input", and "Client-Side XSS in Locally Generated HTML Gallery".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 65/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **SSRF and Local File Disclosure via User-Controlled Input.** The skill allows fetching content from arbitrary URLs (SSRF) or reading arbitrary local files (Local File Disclosure) based on user-provided input. This content is then base64 encoded and sent to the Venice AI API. An attacker could exploit this to probe internal networks, access sensitive local files (e.g., configuration files, SSH keys, /etc/passwd), and exfiltrate their content to the Venice AI service. While the destination is the intended Venice AI API, the ability to read/fetch arbitrary data sources constitutes a significant security risk. **Remediation:** Implement strict validation and sanitization for user-provided URLs and file paths. For URLs, consider whitelisting allowed domains or protocols. For local files, restrict access to specific directories or file types, or prompt the user for explicit confirmation before reading sensitive files. Ensure that the Venice AI API is trusted to handle potentially sensitive data from arbitrary sources. | LLM | scripts/venice-upscale.py:109 |
| HIGH | **SSRF and Local File Disclosure via User-Controlled Input.** The skill allows fetching content from arbitrary URLs (SSRF) or reading arbitrary local files (Local File Disclosure) based on user-provided input. This content is then base64 encoded and sent to the Venice AI API. An attacker could exploit this to probe internal networks, access sensitive local files (e.g., configuration files, SSH keys, /etc/passwd), and exfiltrate their content to the Venice AI service. While the destination is the intended Venice AI API, the ability to read/fetch arbitrary data sources constitutes a significant security risk. **Remediation:** Implement strict validation and sanitization for user-provided URLs and file paths. For URLs, consider whitelisting allowed domains or protocols. For local files, restrict access to specific directories or file types, or prompt the user for explicit confirmation before reading sensitive files. Ensure that the Venice AI API is trusted to handle potentially sensitive data from arbitrary sources. | LLM | scripts/venice-video.py:20 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nhannah/venice-ai-media/scripts/venice-edit.py:10 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nhannah/venice-ai-media/scripts/venice-image.py:11 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nhannah/venice-ai-media/scripts/venice-upscale.py:11 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nhannah/venice-ai-media/scripts/venice-video.py:10 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nhannah/venice-ai-media/scripts/venice_common.py:9 |
| LOW | **Client-Side XSS in Locally Generated HTML Gallery.** The `write_gallery` function in `venice-image.py` generates a local HTML file (`gallery.html`) that embeds user-provided prompt text directly into `<figcaption>` tags without proper HTML escaping. If a malicious user provides a prompt containing HTML or JavaScript (e.g., `<script>alert('XSS')</script>`), this code would execute when the user opens the generated `gallery.html` file in a web browser. This is a client-side Cross-Site Scripting (XSS) vulnerability in a local file. **Remediation:** Before embedding user-provided `prompt` text into the HTML output, ensure it is properly HTML-escaped. For example, use a utility function to convert characters like `<`, `>`, `&`, `'`, `"` to their corresponding HTML entities (`&lt;`, `&gt;`, `&amp;`, `&#x27;`, `&quot;`). | LLM | scripts/venice-image.py:204 |