Skill v0.1.2

ClawScan security

🫧 Nano Banana 2 — Pro Pack on RunComfy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 29, 2026, 1:51 PM)

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's declared requirements and runtime instructions match its stated purpose (calling the RunComfy CLI to run Google's Nano Banana 2 model); nothing requested is disproportionate or unrelated.

Guidance: This skill is coherent: it simply wraps the RunComfy CLI to call Nano Banana 2. Before installing, confirm you trust the RunComfy npm package and the runcomfy binary you will run. Treat RUNCOMFY_TOKEN like any secret (use CI secrets or environment-scoped tokens, avoid pasting into shared shells). When running, be mindful of the --output-dir argument (don't point it at sensitive system paths) and that enabling web grounding will send extra context to RunComfy. The metadata omission of a 'primary credential' is minor but check that you supply RUNCOMFY_TOKEN as documented.

Review Dimensions

Purpose & Capability (ok)
Name/description map directly to a RunComfy CLI invocation. Required binary (runcomfy), required env var (RUNCOMFY_TOKEN), and config path (~/.config/runcomfy) are appropriate for a CLI-based model client.
Instruction Scope (note)
SKILL.md only documents installing/using the RunComfy CLI, the text-to-image endpoint schema, and example runcomfy commands. This stays within scope. Minor note: example usage accepts an arbitrary absolute --output-dir, so a misconfigured invocation could write files anywhere the agent has permission; and enabling web grounding will cause the request to include web context to the RunComfy service (expected behavior for that feature).
Install Mechanism (ok)
Instruction-only skill (no install spec). SKILL.md suggests installing the official @runcomfy/cli via npm -g, which is reasonable and traceable; the skill itself does not download arbitrary code.
Credentials (note)
Only RUNCOMFY_TOKEN is required, which is proportional to a CLI that authenticates to a model-hosting service. Small metadata inconsistency: the registry metadata lists no primary credential while SKILL.md expects RUNCOMFY_TOKEN — this is likely just a metadata omission, not a functional mismatch.
Persistence & Privilege (ok)
The skill's "always" flag is false, and the skill does not request persistent/global privileges or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other red flags.