Paperbanana Review
Audited by ClawScan on May 10, 2026.
Overview
Paperbanana is mostly clear about using AI providers, but its plotting feature says it executes LLM-generated Matplotlib code locally, which deserves review before installing.
Review carefully before installing if you plan to generate plots from untrusted data or run in a sensitive workspace. Use a sandboxed environment, configure only the provider key you need, avoid sensitive inputs, and consider pinning/reviewing the PaperBanana dependency.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

A generated plotting program may run with the same local access as the skill process, so a bad generated script could affect local files, environment variables, or network access.
This explicitly describes local execution of LLM-generated plotting code. That is aligned with plot generation, but the provided artifacts do not document sandboxing or other containment for that generated code.
For **statistical plots**, the Visualizer generates and executes Matplotlib code — producing true vector graphics.
Use the plot feature only in a trusted or sandboxed workspace, avoid untrusted data inputs, and review or pin the PaperBanana package implementation before relying on generated-code execution.

Installing or running the skill may fetch and execute third-party package code from PyPI.
The runtime depends on an external PyPI package that is installed on first use with only a lower-bound version constraint, so future releases of that dependency could change the skill's behavior without any change to the skill itself.
The skill auto-installs [`paperbanana`](https://pypi.org/project/paperbanana/) on first use via `uv` ... PyPI package: [`paperbanana`](https://pypi.org/project/paperbanana/) (≥0.1.2, installed automatically via `uv`)
Install from trusted sources, consider pinning exact dependency versions, and review the PaperBanana package and its transitive dependencies if using this in a sensitive environment.

The skill can make requests using the configured provider key, which may use quota or incur charges.
The skill needs delegated access to a user’s AI-provider account. This is expected for generation/evaluation, and the artifacts do not show key logging or unrelated use.
This skill requires **at least one** of the following API keys ... `GOOGLE_API_KEY` ... `OPENAI_API_KEY` ... `OPENROUTER_API_KEY`
Configure only the provider key you intend to use, monitor usage and billing, and prefer limited-scope or project-specific keys where the provider supports them.

Research text, reference images, and datasets provided to the skill may leave the local machine and be processed by the selected provider.
The skill clearly discloses that user prompts, images, and data can be sent to Gemini, OpenAI, or OpenRouter for processing.
This skill sends user-provided data to **external third-party APIs** ... Text content ... Generated images ... CSV/JSON data ...
Do not use confidential, proprietary, regulated, or unpublished data unless your organization permits sending it to the configured provider.
