ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nano Banana

v0.1.0

Reasoning-driven image generation using structured creative briefs (Gemini 3 style) — generates high-fidelity images via muapi.ai with logic-based prompting

0· 247·3 current·3 all-time
byAnil Chandra Naidu Matcha@anil-matcha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to generate images via muapi.ai and a 'nano-banana-pro' model, but the shipped script does not call any network endpoint or muapi-specific client; instead it delegates to a relative path core/media/generate-image.sh. This could be legitimate if the platform provides the muapi adapter and credentials, but the README and manifest do not explain that dependency.
Instruction Scope
SKILL.md confines the agent to rewrite prompts into a reasoning brief and run the provided script. The script itself only constructs a prompt and invokes a single core primitive script; it does not read arbitrary files or environment variables. The only notable action is executing a script located outside the skill directory (../../../../core/media/generate-image.sh).
Install Mechanism
No install spec (instruction-only + one helper script). No downloads or package installs are performed by the skill itself, so there is low install-time risk from the skill bundle.
Credentials
The skill advertises use of muapi.ai but declares no required environment variables or API keys. That mismatch could be benign if the host platform supplies API keys/adapter via the core primitive, but it is unexplained in the SKILL.md and manifest—worth verifying where muapi credentials live and which component performs network calls.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. It does not attempt to modify other skills or system settings in the provided files.
What to consider before installing
This skill is a wrapper that rewrites prompts and then calls a platform 'core/media/generate-image.sh' primitive. Before installing, verify: (1) where the muapi.ai/network call actually happens — inspect core/media/generate-image.sh on your host to confirm which service and credentials it uses; (2) that any API keys required for muapi.ai are stored and managed by the platform (not expected from this skill); (3) that you trust the platform primitive invoked by the relative path (the script executes a file outside the skill directory); and (4) whether the model name 'nano-banana-pro' maps to an internal/private model or an external API. If you cannot inspect the host primitive or confirm credential handling, treat the credential-service mismatch as a risk and do not enable the skill for autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk970b25ww4pm5cpptg9nzs15n982tzwx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments