Gemini Image Simple
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: gemini-image-simple Version: 1.1.0 The skill is classified as benign. The `SKILL.md` provides clear instructions for image generation and editing using the Gemini API, requiring only the `GEMINI_API_KEY` environment variable. The `scripts/generate.py` script implements this functionality using standard Python libraries (`urllib.request`, `json`, `base64`), connecting to the legitimate Google Gemini API endpoint (`https://generativelanguage.googleapis.com/v1beta/models/nano-banana-pro-preview:generateContent`). It reads user-specified input image files and writes generated output image files, which is directly aligned with its stated purpose. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill can consume quota or incur usage under the Gemini API key supplied by the user.
The script uses a Gemini API key from the environment to call Google’s image generation endpoint. This credential use is disclosed and directly aligned with the skill’s purpose.
key = os.environ.get("GEMINI_API_KEY") ... url = f"https://generativelanguage.googleapis.com/v1beta/models/nano-banana-pro-preview:generateContent?key={api_key}"Use a Gemini API key intended for this purpose, monitor usage, and avoid sharing the key in logs or prompts.
If directed to an existing or sensitive path, the script could overwrite a file with image output.
The script writes the generated image to a caller-provided local path and may create missing parent directories. This is expected for an image generator but is still local file mutation.
parser.add_argument("output", help="Output file path (e.g., output.png)") ... output_dir.mkdir(parents=True, exist_ok=True) ... with open(output_path, "wb") as f:Provide an output path in a safe project or downloads directory and avoid pointing it at important existing files.