Caution

nano-banana-pro

Name: nano-banana-pro Security Scan — CAUTION
Item: nano-banana-pro
Rating: 6

https://clawhub.ai/steipete/nano-banana-pro

Risk Score5

Publishersteipete

TypeOpenClaw SKILL

Transparencyhigh

This skill is a straightforward image-generation integration for Google's Gemini image API. It asks the agent to run a local Python script that sends your prompt, and optionally an input image, to the remote service and saves the result as a PNG. I did not find hidden hooks, persistence tricks, or covert exfiltration behavior. The main reason for caution is that it uses an API key and makes outbound network requests, which is expected here but still means you are trusting executable code with credentials and remote access.

Package Info

SHA-256010c43528702…

Size11.9 KB

Permission Map

Everything this skill can access, modify, and communicate with on your system.

Reads from

GEMINI_API_KEY from environment variablesoptional input image path provided via --input-image

Writes to

PNG image to the user-specified --filename path

Runs

scripts/generate_image.py when invoked manually via uv run as documented in SKILL.md

Talks to

Permissions Requested

Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools

Network Calls

Google Gemini API via google-genai client

File Writes

user-specified output path from --filenameparent directories of the user-specified output path

nano-banana-pro

Flagged Behaviors (2)

How This Was Analyzed

Next Steps

About this scan

nano-banana-pro

What does this skill actually do?

What security issues were found?

Flagged Behaviors (2)

How was this scan performed?

How This Was Analyzed

Should you install this skill?

Next Steps