ClawHub

Nano Banana 2 Direct

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Gemini image-generation/editing wrapper, but users should know prompts and optional input images go to Google’s API.

Install only if you are comfortable using a Gemini API key and sending image prompts and any input images to Google’s Gemini service. Avoid confidential, regulated, proprietary, or personal images unless that external processing is approved, and consider pinning dependencies in managed environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares runtime requirements including access to the GEMINI_API_KEY environment variable and executes installation commands, but there is no explicit permissions declaration communicating that sensitive environment data may be accessed. This creates a transparency and consent gap: users or orchestrators may invoke the skill without understanding that secrets are consumed and external API calls are possible.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation guidance is broad enough to match most image generation or editing requests, without strong boundaries about when the skill should or should not be selected. Over-broad routing can cause prompts and local image paths to be sent to this skill unexpectedly, increasing the chance of unintended disclosure to an external service or misuse when a simpler/local tool was intended.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation explains how to pass prompts and input images into the script but does not warn that both are transmitted to Google's external Gemini API. Users may reasonably assume processing is local because the skill focuses on command usage and file handling, creating a privacy and data-governance risk for sensitive prompts or images.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends the user-provided prompt and optional local input image to Google's external Gemini API, but it provides no explicit notice or consent step at the point of transmission. This is a real privacy/security issue because users may unknowingly upload sensitive images or confidential text to a third-party service, especially in an agent-skill context where tool execution can feel local or opaque.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal