IMA Nano Banana Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed image-generation skill that uses an IMA API key, sends selected prompts/images to documented IMA endpoints, and keeps limited local logs/preferences.

Install only if you trust IMA Studio with your prompts, selected reference images, generated output metadata, and IMA API key. Use a scoped or test key if available, avoid uploading sensitive local images, prefer HTTPS image URLs, and delete the disclosed ~/.openclaw logs/preferences if you do not want local usage records retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

Severity
High
Category
MCP Tool Poisoning
Confidence
86%
Finding
The top-level description understates important data flows and persistence behavior: local images may be uploaded to a second domain, API credentials may be sent there for upload-token operations, and user data is written to local preference/log files. This is dangerous because users or operators may consent to image generation without realizing their local files and metadata are transferred to an additional service and retained locally, weakening informed consent and increasing privacy/compliance risk.

Description-Behavior Mismatch

Severity
Low
Confidence
88%
Finding
The script persists per-user preference history to ~/.openclaw/memory/ima_prefs.json even though the skill is described as an image-generation utility. This creates unnecessary local data retention that can reveal user identifiers, model usage history, and timestamps to other local processes or users on the same machine.

Context-Inappropriate Capability

Severity
Low
Confidence
90%
Finding
User preference data is written to disk with user_id, model_id, model_name, credit, and last_used timestamp. Even if not highly sensitive, this is unnecessary persistence for the stated function and increases privacy exposure and forensic residue on the host.

VirusTotal

66/66 vendors flagged this skill as clean.