Back to skill

Security audit

Gemini Nano Banana

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Gemini image-generation gateway wrapper, with normal third-party API, API-key, dependency, and output-file considerations.

Install only if you trust OneKey Gateway and the listed npm/PyPI packages. Use a revocable API key, avoid sending private prompts, sensitive images, secrets, or regulated data unless external processing is acceptable, and provide explicit safe output locations for generated files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares environment-variable use and file-related behavior but does not declare explicit permissions or capability boundaries. This can mislead operators and downstream agents about what the skill can access, increasing the chance of overbroad execution in environments that rely on manifest metadata for trust decisions.

Vague Triggers

Low
Confidence
74% confidence
Finding
The description is too generic and does not state when the skill should or should not be invoked, what data it sends externally, or what side effects it may have. This ambiguity can cause an agent to invoke the skill in inappropriate contexts, especially since it connects to external services and may write output files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes use of a commercial gateway and image/OCR capabilities but does not clearly warn that prompts and images may be transmitted to third-party external APIs. Users may unknowingly expose sensitive text, images, or metadata to an external processor, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill documents saving generated files to user-specified paths, including relative paths, without a clear warning about filesystem side effects or path-safety constraints. In practice, this can lead to accidental overwrites, writes to sensitive locations, or unsafe agent behavior if untrusted path input is passed through.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script forwards arbitrary JSON payload data to a remote gateway without any user-facing disclosure, confirmation, or data-sensitivity checks. In an agent skill context, this can cause users or upstream systems to unknowingly transmit sensitive prompts, file-derived content, or personal data to an external service, increasing privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.