materials-science-figure-skill

Status: Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-aligned for Gemini/Nanobanana image generation and local plotting, but image mode sends your prompt, selected images, and API key to the configured provider endpoint.

This skill is reasonable to install if you want Gemini/Nanobanana image generation or local publication-style plotting. Before using image mode, confirm that NANOBANANA_BASE_URL points to a provider you trust, avoid enabling third-party endpoints casually, and do not upload private images or sensitive research text unless you are comfortable sending them to that provider.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The API key may authorize provider usage or billing, so misconfiguration could expose the key to an unintended endpoint.

Why it was flagged

The script reads a provider API key from the environment or arguments and sends it to the Gemini-compatible API endpoint. This is necessary for the stated image-generation purpose and is disclosed, but it is still credential use.

Skill content

    "--api-key", default=os.getenv("NANOBANANA_API_KEY") ... headers={ "Content-Type": "application/json", "X-goog-api-key": api_key }

Recommendation

Use the official Google endpoint unless you intentionally trust another provider, prefer an API-key file or environment variable over command-line keys, and use a scoped key where possible.

What this means

Prompts and selected images may leave the local machine and be processed by Google or another explicitly configured Gemini-compatible provider.

Why it was flagged

The skill clearly discloses that image prompts, credentials, and selected local image files are transmitted to an external provider endpoint during image generation.

Skill content

    `image` mode sends prompt text, API credentials, and any `--input-image` files to the configured Gemini-compatible endpoint.

Recommendation

Do not send confidential images or sensitive prompt content unless you trust the configured endpoint and understand its data-handling terms; use plot mode for local-only numeric figure rendering.