Skill v0.1.4
ClawScan security
Nano Banana Image T8 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 11, 2026, 1:12 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (calling the Nano Banana image API) but contains a few behavioral mismatches and persistence details that don't fully align with the written constraints; review before installing.
- Guidance: This skill appears to do what it claims: call an external image-generation API and save outputs locally. Before installing, consider:
  1. Network/data: the script will upload prompts and any input images to the remote host (default https://ai.t8star.cn). Do not upload sensitive images or reuse high-privilege API keys you aren't comfortable sending to that endpoint.
  2. Key persistence: the API key can be saved to ~/.whaleclaw/credentials/nano_banana_api_key.txt (file perms 600 on non-Windows); remove it if you don't want long-term stored credentials.
  3. Policy mismatch: SKILL.md forbids changing the API base URL and restricts when a key may be captured/saved, but the script includes a --base-url flag and will save any key entered interactively, so the enforcement is partly manual.
  4. Non-interactive WebChat usage: SKILL.md requires non-interactive, param-driven runs (pass --api-key or the env var); make sure the agent/system will supply keys only in the intended scenarios.
  If you need stronger guarantees, ask the author to remove the --base-url override and to implement programmatic checks that enforce the SKILL.md capture/save rules (so keys are only stored under the declared conditions).
Review Dimensions
- Purpose & Capability
- ok: Name/description (image gen/edit via Nano Banana API) matches the included script and SKILL.md. The only requested credential is an API key (via param or NANO_BANANA_API_KEY), which is appropriate for this purpose.
- Instruction Scope
- concern: SKILL.md tightly constrains runtime behavior (must use the bundled script, disallows ad-hoc curl or writing temporary scripts, restricts where keys may be captured/saved, forbids scanning other project files). The included Python script largely implements the expected API calls, but it exposes interactive key prompts and an overridable --base-url, and it will unconditionally save any key entered interactively. That means the script's behavior can diverge from the SKILL.md rules (e.g., SKILL.md says to save only sk- keys under specific message conditions, but the script will save keys entered during interactive runs).
- Install Mechanism
- ok: Instruction-only skill with an included test script; there is no installer that downloads arbitrary code. No risky install URLs or archive extraction are present.
- Credentials
- ok: The only environment variable referenced is NANO_BANANA_API_KEY (plus the standard HOME for saved files). That aligns with the stated need for an API key; no unrelated credentials or broad environment access are requested.
- Persistence & Privilege
- note: The skill persistently saves the API key to ~/.whaleclaw/credentials/nano_banana_api_key.txt (the script sets file mode 600 on non-Windows). Persistent storage of the API key is expected for convenience but is a lasting local side effect the user should be aware of. The skill is not force-installed (always: false) and does not request elevated system privileges.
