ClawHub

Nano Banana Image T8

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate image-generation helper, but it can send prompts/images to an external service and save an API key locally for reuse.

Install only if you are comfortable giving this skill a Nano Banana/T8Star API key, sending prompts and selected images to https://ai.t8star.cn, and allowing local key reuse. Delete ~/.whaleclaw/credentials/nano_banana_api_key.txt if you no longer want the saved key used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes shell scripts, reads environment variables, accesses credential files, and makes network requests, yet it declares no explicit permissions boundary. That mismatch increases the chance of users or the platform underestimating the skill's capabilities, especially since it handles API keys and writes them to disk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Generic triggers like 'image generation test' and 'image edit test' are broad enough to match unrelated conversations, causing the skill to activate outside the user's intended context. Because this skill can access API keys, files, shell, and networked scripts, accidental invocation increases the risk of unintended credential handling or external requests.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly allows persisting API keys to '~/.whaleclaw/credentials/nano_banana_api_key.txt' and reusing them later, but it does not require a clear user-facing consent notice at the point of storage. Silent credential persistence is dangerous because users may assume keys are ephemeral, and a locally stored key can be exposed through later compromise, backup leakage, or unintended cross-session reuse.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal