Back to skill

Security audit

Nanobanana Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Gemini image generation helper that uses a disclosed API key and user-provided inputs, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable using a Gemini API key and sending your prompts, selected reference images, and video/search requests to Google services. Keep the API key scoped and private, review any .env file before use, and avoid submitting sensitive personal or confidential images unless that matches your intended use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly requires the GEMINI_API_KEY environment variable and instructs users to export it, but the metadata only declares allowed tools and does not declare any permission/capability for environment access. That mismatch can weaken policy enforcement and review, because the script may read sensitive environment variables without the skill manifest making that access explicit.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
load_dotenv()

    # Check API key
    api_key = os.environ.get("GEMINI_API_KEY")
    if not api_key:
        print("Error: GEMINI_API_KEY is not set. Please configure it in .env file or environment variable:", file=sys.stderr)
        print("  GEMINI_API_KEY=your_api_key", file=sys.stderr)
Confidence
70% confidence
Finding
os.environ.get("GEMINI_API_KEY

Credential Access

High
Category
Privilege Escalation
Content
script_dir = os.path.dirname(os.path.abspath(__file__))
    candidates = [
        os.path.join(script_dir, ".env"),
        os.path.join(script_dir, "..", ".env"),
    ]
    for path in candidates:
        path = os.path.normpath(path)
Confidence
60% confidence
Finding
.env"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.