Nano Banana Image T8

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent image-generation skill, but users should notice that it stores a Nano Banana API key locally and sends prompts or selected images to an external API.

Before installing, make sure you trust the T8/Nano Banana provider, use a revocable API key, and avoid sending private images or prompts you would not want processed by the external API.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may execute the local helper script to call the image API and save outputs.

Why it was flagged

The skill instructs the agent to run a bundled Python script through the shell. This is expected for the integration and is scoped to the skill script.

Skill content

Use the skill's bundled script to run the integration test (preferred)... python ~/.whaleclaw/workspace/skills/nano-banana-image-t8/scripts/test_nano_banana_2.py

Recommendation

Use the skill only if you are comfortable running its bundled script; keep the script path fixed as documented.

What this means

Anyone with access to that local credential file may be able to use the saved API key.

Why it was flagged

The skill requires a provider API key and can store it locally for reuse. This is purpose-aligned and disclosed, though registry metadata does not list a primary credential.

Skill content

key: api_key ... type: api_key ... required: true ... env_vars: ["NANO_BANANA_API_KEY"] ... saved_file: "~/.whaleclaw/credentials/nano_banana_api_key.txt"

Recommendation

Use a dedicated, revocable API key and delete ~/.whaleclaw/credentials/nano_banana_api_key.txt if you no longer want the skill to reuse it.

What this means

Prompts and any selected images may leave the local machine and be processed by the T8/Nano Banana API provider.

Why it was flagged

For image editing, the helper script uploads selected image files and prompt data to the configured external provider API. This is expected for image-to-image generation.

Skill content

resp = client.post(f"{base_url}/v1/images/edits", data=form_data, files=files, timeout=300)

Recommendation

Do not use sensitive or private images unless you are comfortable sending them to https://ai.t8star.cn.