Nano Banana
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent image-generation helper, with expected notes that it runs a local shell wrapper and sends prompts to an image-generation backend.
This appears safe for its stated purpose. Before installing, be aware that it runs a Bash helper and that your image prompts may be sent to the image-generation backend; do not include private or confidential text in prompts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing users should know the skill is not purely prompt text; it runs a local Bash wrapper that relies on a separate image-generation script.
The included script delegates execution to a core image-generation helper outside the skill's own file manifest. This is consistent with the documented purpose, but it means behavior depends on that external core primitive.
CORE_SCRIPT="$SCRIPT_DIR/../../../../core/media/generate-image.sh" bash "$CORE_SCRIPT" --prompt "$EXPERT_PROMPT" --model "nano-banana-pro" --resolution "$RESOLUTION" $VIEW_FLAG --json
Use it only in an environment where the core media generation primitive is trusted and expected.
Any private details included in the image prompt could be sent to the generation provider.
The skill discloses that image generation is handled through an external/provider-style service. This is expected for an image-generation skill, but prompt contents may leave the local environment.
generates high-fidelity images via muapi.ai with logic-based prompting
Avoid putting secrets, confidential business information, or sensitive personal data into prompts unless you are comfortable sharing them with the image-generation backend.