Nano Banana Pro via cheaper grsai.com
Verdict: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: nano-banana-pro-grsai
Version: 1.0.0
The skill is suspicious due to potential arbitrary file read and write vulnerabilities in `scripts/generate_image.py`. The script directly uses user-provided paths for `--input-image` and `--filename` without sanitization. An attacker could exploit this via prompt injection against the agent to read sensitive local files (which would then be base64 encoded and sent to grsaiapi.com as part of an image-to-image request) or write arbitrary files to the filesystem, posing a significant risk for data exfiltration or persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The API key may authorize account usage and consume provider quota or credits; passing it in chat or command text can expose it to logs or transcripts.
The skill requires a provider credential for the advertised API use. This is expected, but users should note that the registry metadata did not declare a primary credential or env var.
The script checks for the API key in this order:
1. `--api-key` argument (used if the user provided the key in chat)
2. `GRSAI_API_KEY` environment variable
Prefer a scoped or rotatable key in `GRSAI_API_KEY` rather than pasting long-lived keys in chat, and rotate the key if it is exposed.
Private prompts or images provided for editing will leave the local machine and be processed by the external API provider.
For image editing, the selected local image is base64-encoded and sent with the prompt to the external grsaiapi.com endpoint.
GRSAI_API_URL = "https://grsaiapi.com/v1/draw/nano-banana"
...
b64 = base64.b64encode(img_data).decode("utf-8")
...
payload["urls"] = urls
Only use this skill with prompts and images you are comfortable sending to grsaiapi.com, and verify the provider's trust and privacy terms before using sensitive content.
A mistaken or overly broad output filename could create directories or overwrite an existing local file with image data.
The script creates directories and writes the downloaded image to the requested filename. This is expected for an image generator, but the path is not constrained by the script.
output_path.parent.mkdir(parents=True, exist_ok=True)
...
output_path.write_bytes(resp.read())
Use unique `.png` filenames in the current working directory and avoid pointing output filenames at important or protected files.
The skill will not run unless `uv` is available, and users need to ensure that runtime is installed from a trusted source.
The skill requires the `uv` runtime to execute its script even though the registry metadata lists no required binaries or install spec.
Preflight:
- `command -v uv` (must exist)
Install `uv` only from a trusted source, and the skill metadata should declare this runtime requirement.
