nano banana image to image

Security checks across malware telemetry and agentic risk

Overview

This image-editing skill does what it claims, but it handles API credentials and generated image data too loosely for automatic trust.

Review before installing. Do not rely on the bundled API key; the publisher should remove and rotate it. Use only a scoped, revocable AtlasCloud token, avoid storing it in general agent memory, and submit only image URLs and prompts you are comfortable sending to AtlasCloud and leaving in local result files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger description is broad enough to match common image-editing requests that may not specifically require this skill, increasing the chance of over-invocation. Because the skill can request and persist an API token and perform external network actions, accidental triggering expands the exposure of sensitive data and third-party API usage beyond what the user likely intended.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill instructs the agent to save the user's AtlasCloud API token to memory for later reuse, but does not clearly warn the user about retention scope, duration, or reuse. Persisting a secret in memory increases the risk of unintended disclosure to other skills, future prompts, logs, or sessions, especially since this skill interacts with external services and is triggered by relatively broad requests.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script logs the full API polling response on every attempt, which may include sensitive job metadata, output URLs, prompts, provider-side error details, or other user-supplied content. In shared terminals, CI logs, or centralized log collectors, this can disclose data to unintended parties and create durable copies of sensitive information.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script silently writes result metadata and image URLs to local files next to the script, which can expose prompts, source image URLs, and output locations to other local users, backup systems, or later processes. Because this persistence is not clearly disclosed in the usage text, operators may unintentionally retain sensitive data on disk.

VirusTotal

64/64 vendors flagged this skill as clean.
