Nano Banana Image Skills
Security checks across malware telemetry and agentic risk
Overview
This skill coherently generates and refines images through the disclosed Wisdom Gate API, but users should know it needs an API key, sends selected prompts/images to that provider, and stores refinement history locally.
Before installing, make sure you trust the Wisdom Gate API flow and are comfortable sending selected prompts/images to it. Use a dedicated WISGATE_KEY, install Python dependencies from trusted sources, avoid sensitive images unless appropriate, and keep output/history paths limited to files meant for this skill.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide an API key that can make requests to the Wisdom Gate service.
The skill requires a provider API key to authorize image-generation requests. This is expected for the service, but it grants account/API usage authority and may have billing implications.
A valid [Wisdom Gate](https://wisgate.ai) API key ... export WISGATE_KEY="your_api_key_here"
Use a dedicated, revocable API key with the minimum needed access, keep it in the environment rather than prompts or files, and monitor provider usage/billing.
Prompts and selected reference images leave the local machine and are processed by the external provider.
The prompt and any user-selected input images are packaged into a request to the external Wisdom Gate API. This is central to the skill and disclosed, but it is still a data boundary users should understand.
api_url = f"https://api.wisgate.ai/v1beta/models/{model}:generateContent" ... parts = [{"text": prompt}] ... "inline_data": {"mime_type": mime_type, "data": image_data}Only use prompts and images you are comfortable sending to Wisdom Gate/Gemini, and review the provider’s data-use terms for sensitive or private images.
Prompts and generated image data may persist locally in the history JSON and be resent during later refinements.
The refinement workflow loads prior conversation history, appends new prompts and model responses, and saves it back to disk for reuse across turns.
contents = load_conversation(history_file) ... contents.append({"role": "model", "parts": model_parts}) ... save_conversation(history_file, contents)Use separate history files for separate projects, delete or reset history when it contains sensitive content, and avoid sharing conversation.json unintentionally.
If a wrong --history path is supplied with --reset, a non-history file could be deleted.
The reset option deletes the file supplied as the history path. This is purpose-aligned for clearing conversation history, but the path is not constrained to a skill-owned directory.
if args.reset and os.path.exists(args.history):
os.remove(args.history)Use the default history file or a clearly dedicated project history file, and do not pass system, credential, or unrelated document paths to --history.
Users may need to install dependencies manually, which depends on their local Python environment and package source trust.
The runtime dependency is documented but not represented by an install spec or pinned requirements file in the provided artifacts.
Python 3.8+ ... `requests` library (`pip install requests`)
Install dependencies from trusted sources, preferably in a virtual environment, and pin versions if packaging this skill for repeatable deployment.