ClawHub

Nano Banana Image T8

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Nano Banana image-generation helper that uses a user API key and saves outputs locally, with credential persistence that users should understand before use.

Install only if you intend to use the ai.t8star.cn Nano Banana image API through this skill. Treat the API key as a secret: prefer a dedicated limited-use key, know that it may be stored under ~/.whaleclaw/credentials/nano_banana_api_key.txt, delete or rotate it when no longer needed, and only provide image paths you are comfortable uploading to the API for editing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes bash, reads files, uses environment variables, persists credentials to disk, and calls a remote API, yet no explicit permission model is declared. That mismatch weakens operator visibility and policy enforcement, making it easier for a high-capability skill handling secrets to run with less scrutiny than it should.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly stores a user API key on disk for reuse but does not require a clear warning or consent flow about persistence, retention, and local exposure risk. Because the key is a reusable secret tied to an external service, silent persistence increases the chance of unintended credential storage and later compromise from local file access.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill directs the agent to capture user-provided API keys from chat content and persist them for future sessions. Persisting secrets extracted from conversation text expands the blast radius of any prompt leak, transcript exposure, local compromise, or cross-session misuse, especially because the key enables authenticated outbound API access.

Ssd 3

Medium
Confidence
97% confidence
Finding
These instructions operationalize secret extraction from user messages when certain trigger phrases appear, creating a rule-based mechanism for harvesting and saving 'sk-' style keys from free-form chat. Even with scope conditions, this is risky because conversational context can be ambiguous, logged, forwarded, or manipulated, and the stored key can be reused beyond the original intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal