ClawHub
Back to skill

Security audit

Chen Nano Banana Pro

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is purpose-aligned and disclosed, though users should understand that prompts, selected images, and API keys are used with an external Gemini-compatible service.

Install only if you are comfortable configuring a Gemini-compatible API key and sending your prompts or chosen input images to the configured image provider. Avoid using confidential images or sensitive text unless your provider agreement allows it, store API keys in a scoped .env or secret mechanism, and prefer the GitHub/ClawHub install path over third-party mirror installers when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill invokes a local Python script and explicitly relies on environment access for `GEMINI_API_KEY`, but the metadata does not declare permissions/capabilities accordingly. This creates a transparency and policy-enforcement gap: an agent may use environment-sourced secrets without the user clearly understanding that the skill reads local environment variables.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to send prompts and potentially user-supplied images to Google's external API, but it does not present a clear privacy warning or require user confirmation before transmitting potentially sensitive content off-device. Users may inadvertently expose confidential prompts, proprietary images, or personal data to a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal