Gemini Image Simple

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using this skill can consume quota or incur usage under the Gemini API key supplied by the user.

Why it was flagged

The script uses a Gemini API key from the environment to call Google’s image generation endpoint. This credential use is disclosed and directly aligned with the skill’s purpose.

Skill content

key = os.environ.get("GEMINI_API_KEY")
...
url = f"https://generativelanguage.googleapis.com/v1beta/models/nano-banana-pro-preview:generateContent?key={api_key}"

Recommendation

Use a Gemini API key intended for this purpose, monitor usage, and avoid sharing the key in logs or prompts.

What this means

If directed to an existing or sensitive path, the script could overwrite a file with image output.

Why it was flagged

The script writes the generated image to a caller-provided local path and may create missing parent directories. This is expected for an image generator but is still local file mutation.

Skill content

parser.add_argument("output", help="Output file path (e.g., output.png)")
...
output_dir.mkdir(parents=True, exist_ok=True)
...
with open(output_path, "wb") as f:

Recommendation

Provide an output path in a safe project or downloads directory and avoid pointing it at important existing files.