v1.0.1

Nano Banana Pro OpenRouter

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.

Analysis

The skill’s image-generation behavior is mostly coherent, but it handles OpenRouter API keys and provider endpoints in a way users should review before installing.

Guidance

Review this skill before installing. If you use it, store the OpenRouter key only in a trusted location, verify OPENROUTER_BASE_URL is the intended OpenRouter HTTPS endpoint, avoid placing API keys directly in chat, and rotate the key if you suspect it was exposed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Info, Confidence: High, Status: Note
SKILL.md
sh ~/.openclaw/workspace/skills/nano-banana-pro-openrouter/scripts/generate_image.sh --prompt "your image description" ... Images are always saved under `~/.openclaw/workspace/outputs/nano-banana-pro-openrouter`

The skill runs a local shell script and writes output files; this is disclosed and central to its image-generation purpose.

User impact: Using the skill will execute a local command, call an external provider, and create image files in the OpenClaw workspace.
Recommendation: Review the command and keep generated-output handling within the documented output directory.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
If `~/.openclaw/workspace/skills/nano-banana-pro-openrouter/.env` exists: ... Use the `read` tool to read `.env` ... Extract `OPENROUTER_API_KEY` ... Always pass the key via `--api-key`

This explicitly directs the agent to read a local credential file and put the API key into command arguments, which increases secret exposure beyond a narrowly scoped environment-variable use.

User impact: An OpenRouter API key could be exposed in agent context, command traces, or local process arguments, and could be used to consume the user’s OpenRouter quota.
Recommendation: Declare the credential requirement clearly, avoid reading secrets into chat/tool context when possible, and prefer a secret store or environment variable that the script can consume without placing the key in command arguments.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Concern
scripts/generate_image.sh
base_url=${OPENROUTER_BASE_URL:-} ... curl ... -H "Authorization: Bearer $api_key" ... -d "$payload" ... "$base_url"

The endpoint receiving the prompt and bearer token is taken from environment/.env configuration and is not constrained to an OpenRouter domain or HTTPS endpoint.

User impact: If OPENROUTER_BASE_URL is misconfigured or poisoned, the prompt and API key could be sent to an unexpected service.
Recommendation: Verify that OPENROUTER_BASE_URL is exactly the intended OpenRouter HTTPS chat-completions endpoint before use, and consider adding endpoint validation or a safe default.