Nano Gpt
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill looks purpose-aligned for NanoGPT API use. Before installing, verify the npm/package source, set the API key only in a place you trust, keep the base URL pointed at a trusted NanoGPT-compatible endpoint, and only provide media files you are comfortable uploading. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or building the CLI will run normal npm package workflows on the user's machine.
The skill documents installing and building Node CLI code. That is central to the stated purpose, but users should still trust the npm package/source before installing it.
If the repo is not present locally, install the published CLI instead: ```bash npm install -g nano-gpt-cli ```
Install only from a trusted source, review the package identity, and prefer a normal unprivileged user environment.
Anyone with access to the stored token or environment variable may be able to use the user's NanoGPT account/API quota.
The skill requires a provider API credential and optionally stores it locally. This is expected for the integration and is disclosed.
This skill requires a NanoGPT API token. Set the token in `NANO_GPT_API_KEY` ... Or configure it once and store it in the local `nano-gpt-cli` user config
Prefer environment variables if you do not want local token storage, and keep the configured base URL trusted.
Text prompts and selected local media may leave the user's machine and be processed by the configured NanoGPT endpoint.
The skill clearly discloses that prompts and explicitly selected images/videos are transmitted to an external provider endpoint.
Prompts and any provided media are sent to the configured NanoGPT API endpoint, which defaults to `https://nano-gpt.com`.
Do not attach sensitive screenshots, recordings, documents, or private media unless you explicitly want to send them to NanoGPT.