Back to skill

Security audit

Nano Banana Image T8

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Nano Banana image-generation integration, but users should know it stores an API key locally and sends prompts/images to an external API.

Install only if you trust the Nano Banana/T8 API provider with your prompts, uploaded images, and a dedicated API key. Consider deleting or rotating ~/.whaleclaw/credentials/nano_banana_api_key.txt if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes bash and a Python script, uses environment variables, reads and persists credentials to disk, and makes outbound network requests, yet no explicit permissions are declared. This creates a transparency and containment gap: the runtime may grant broader capabilities than users or reviewers expect, increasing the risk of secret handling and command execution abuse.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Broad triggers such as 'image generation test' and 'image edit test' can activate the skill in unrelated conversations, causing the agent to solicit or process API keys and images when the user did not clearly intend to use this integration. In this skill, unintended activation is more dangerous because it includes credential capture logic and external API calls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs persistent saving of an API key to a fixed file path and reuse across sessions, but it does not prominently warn users before storage or require explicit opt-in at the point of saving. Because the skill also supports broad triggers and automatic key extraction in some cases, this increases the risk of silent credential retention and later misuse if the local environment is compromised or the skill is triggered unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.