Oathe Security Badge

Is jonisjongithub/venice-ai safe?

https://clawhub.ai/jonisjongithub/venice-ai

65
CAUTION

This Venice AI integration skill provides legitimate functionality for AI content generation but exhibits concerning security behavior by accessing sensitive credential files during installation. While no data exfiltration was detected, the unauthorized file access represents a significant risk that requires careful review.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 20/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 30/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (4)

CRITICAL Sensitive Credential Files Accessed -80

The skill installation process accessed multiple sensitive credential files including SSH keys, AWS credentials, Docker config, and environment files. While no modification or exfiltration was detected, unauthorized access to these files represents a significant security risk.

MEDIUM Promotes Uncensored Content Generation -5

The skill explicitly promotes the use of 'uncensored' AI models that bypass content filters and safety guardrails. While this may be legitimate for some use cases, it could enable generation of harmful, offensive, or dangerous content.

MEDIUM Honeypot Files Accessed -70

Multiple honeypot credential files designed to detect malicious behavior were accessed during installation. Although the files were not modified, this access pattern is concerning and suggests potential credential harvesting attempts.

LOW Executable Python Scripts Included -15

The skill contains multiple executable Python scripts that make external API calls. While the code appears legitimate for Venice AI integration, executable scripts always present some risk if compromised.