Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ad Designer
v1.0.0
Generate marketing ad images using Nano Banana Pro (Gemini 3 Pro Image). Accepts campaign-planner creative briefs, reads brand bible for visual style, constr...
⭐ 0 · 441 · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (brand-aware ad image generation) matches the SKILL.md content. However, the published registry metadata claims no required env vars or binaries, while SKILL.md explicitly checks for GEMINI_API_KEY, a local nano-banana-pro script at ~/.codex/skills/nano-banana-pro/scripts/generate_image.py, and the 'uv' binary. That metadata omission is an inconsistency: a consumer would need those prerequisites to run the skill.
Instruction Scope
Instructions are narrowly focused on image prompt construction, calling the upstream nano-banana-pro engine, and storing outputs under /tmp/marketing/assets/images/. They also instruct reading brand and campaign files from /tmp and a ~/.codex path (expected for integration). Concerning points: SKILL.md directs the user to install 'uv' via a remote installer (curl -LsSf https://astral.sh/uv/install.sh | sh) and assumes a Gemini API key is present; both are external actions. The doc also discourages showing the brand bible to the user (it says 'Do not show it to the user'), which is an odd prescriptive UI instruction but not necessarily malicious.
Install Mechanism
There is no formal install spec in the package (instruction-only), which is lower risk, but the prerequisites section recommends installing 'uv' by piping a remote script from astral.sh into sh. Recommending curl | sh from an external URL is a high-risk install pattern because arbitrary code could be executed, and the skill itself does not include vetted, reproducible install artifacts. This is a packaging and safety concern.
Credentials
The only secret-like item referenced in SKILL.md is GEMINI_API_KEY (appropriate for using Google AI's Gemini image API). No unrelated credentials are requested. The skill expects and reads local files under ~/.codex and /tmp/marketing (campaign briefs, brand bibles), which is proportionate to its purpose. The metadata failing to declare GEMINI_API_KEY or the need for nano-banana-pro is an inconsistency to fix.
Persistence & Privilege
The skill does not request persistent inclusion (always:false), does not claim to modify other skills or system-wide configs, and writes outputs to /tmp/marketing/assets/images/ (local ephemeral path). It does not request elevated privileges in the manifest.
What to consider before installing
This skill appears to implement the advertised ad-image workflow, but there are packaging and install red flags you should address before running it.
What to check before installing/using:
- Confirm prerequisites SKILL.md mentions: ensure you actually have GEMINI_API_KEY and the nano-banana-pro skill (check ~/.codex/skills/nano-banana-pro/scripts/generate_image.py). The registry metadata should list GEMINI_API_KEY and any required binaries — ask the publisher to correct the manifest.
- Do NOT blindly run curl | sh. If you must install 'uv' from https://astral.sh/uv/install.sh, first download the script, inspect its contents, and verify the source/trustworthiness. Prefer package manager installs or official release artifacts.
- Review the local script generate_image.py (and any other code from nano-banana-pro) before executing to see what network calls it makes and what data it may send.
- Use the least-privilege API key: create a key scoped for image generation only, and avoid exposing broader Google Cloud credentials.
- Because the skill reads files under your home and /tmp, ensure those files don't contain secrets you wouldn't want the skill to access, and consider running initial tests in a sandboxed environment or VM.
If you cannot verify the installer and the origin of the skill (source is unknown), treat it cautiously and ask the publisher for a provenance/manifest update and signed release artifacts before proceeding.
latest: vk9781c9yvnpas7q3cwbjr0mwth81wnse
