Location Aware Backgrounds
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent image-generation skill, with the main things to notice being its use of a Gemini/Nano Banana Pro credential, external rendering, and local image file writes.
This skill appears safe for its stated purpose. Before installing, be comfortable using your Gemini API key with Nano Banana Pro, explicitly approve or decline any live location/weather lookup, and avoid supplying sensitive reference images or screenshots unless you intend them to be used for rendering.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can create local image files and consume rendering quota or cost through the configured provider.
The skill is expected to invoke an image-rendering tool and create files. This is purpose-aligned and scoped to requested image outputs.
Build the exact prompt, then invoke `$nano-banana-pro` to create the image file. If the user supplied reference images, pass them through.
Specify the output path, resolution, and number of variants when cost or file placement matters.
The skill may use your Gemini/Nano Banana Pro account, quota, or billing when rendering images.
The skill requires a Gemini API key to use the rendering service. This is expected for the stated purpose, with no evidence of credential logging, hardcoding, or unrelated use.
Required env vars: GEMINI_API_KEY; Primary credential: GEMINI_API_KEY
Use a key with appropriate limits and monitor provider usage if render cost matters.
The environment may require an extra local tool that is not clearly tied to the visible instructions.
`uv` is declared as a required binary, but the visible workflow does not show an install step or explain its use. There is no bundled code or remote script evidence.
Required binaries (all must exist): uv ... No install spec — this is an instruction-only skill.
Verify why `uv` is required before installing if you maintain a minimal or locked-down environment.
Reference images, screenshots, location details, or weather/context details you provide may be sent to the rendering provider.
Prompts may include location/time/weather context and user-supplied reference images that are passed to the external renderer. This is disclosed and purpose-aligned, but it is still a data-sharing boundary users should notice.
Use place, local time, season, and weather ... If the user supplied reference images, pass them through.
Avoid providing sensitive screenshots or private location context unless you intend to use them for rendering.