Nano Banana Pro OpenRouter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses an OpenRouter API key to generate images and saves the results locally, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with the agent using an OpenRouter API key for billed image-generation requests. Prefer a dedicated limited key, keep the skill .env scoped to OPENROUTER_API_KEY and OPENROUTER_BASE_URL, and verify the base URL points to the provider endpoint you intend to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documentation instructs the agent to read local .env files and extract credentials, which is sensitive secret access beyond the user-visible image-generation function. This creates a path for the agent to access local secrets without explicit user consent and expands the blast radius if the skill is misused or triggered broadly.

Vague Triggers

Medium
Confidence: 80%
Finding
The activation language is broad enough to match ordinary image-generation requests, which can cause the skill to trigger in situations beyond a narrowly intended scope. Because this skill also instructs credential access and shell execution, overbroad triggering materially increases the chance of unintended sensitive actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly tells the agent to read and extract API credentials from .env files without a clear user-facing warning or consent step. Silent secret retrieval is dangerous because it normalizes hidden access to local credentials and may expose users to unauthorized use of their accounts.

Ssd 3

High
Confidence: 99%
Finding
Reading an API key from .env and then passing it on the command line is risky because command-line arguments may be exposed through process listings, logs, shell history, or telemetry. This can leak the credential to other local users, tools, or infrastructure components that can inspect process metadata.

VirusTotal

57/57 vendors flagged this skill as clean.
