Nanobanana Skill

Security checks across malware telemetry and agentic risk

Overview

This Gemini image tool is mostly coherent, but it should be reviewed because it can send prompts and local images to Google while also enabling under-disclosed Google Search and thought-output features.

Install only if you are comfortable sending image prompts and any selected local images to Google Gemini under your Gemini API account. Avoid confidential or sensitive images, use an isolated Python environment and a restricted API key where possible, and review commands so they only run the documented nanobanana.py workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill enables Google Search as a tool during image generation/editing even though the stated functionality is only Gemini-based image creation/editing. This expands the data flow and capability surface beyond user expectations, potentially sending prompt-derived queries externally and introducing unannounced retrieval behavior.

Context-Inappropriate Capability

Severity: Low
Confidence: 89%
Finding:
The skill requests model thought output via include_thoughts=True, which is unrelated to producing the final image and can cause additional internal reasoning content to be returned and printed. This increases unnecessary data exposure and may reveal sensitive prompt-derived reasoning or provider-internal content without benefiting the user-facing task.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The trigger phrases are broad and overlap with common user requests like 'generate image' or 'edit image', increasing the chance the skill auto-activates in ordinary conversations. That can cause unintended execution of a tool-enabled workflow and unexpected transmission of prompts or files to an external API.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill says it uses Google Gemini via nanobanana, but it does not clearly warn users that their prompts and any input images will be sent to a third-party service. This creates a privacy and data-handling risk, especially if users provide sensitive images or confidential text assuming processing is local.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill sends user prompts and any supplied local image files to the Google Gemini API, but it does not provide an explicit user-facing warning that this data leaves the local environment. Because image-editing inputs may contain sensitive personal or proprietary content, users may unknowingly transmit private data to a third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.