Nano Banana
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a straightforward Gemini image-generation wrapper, but users should verify the install path/source and understand that prompts, optional images, and a Gemini API key are sent to Google’s API.
This looks safe for its stated purpose if you intend to use Google Gemini for image generation. Before installing, confirm the actual skill path, make sure you trust the uv/Python dependency environment, use a dedicated Gemini API key where possible, and avoid submitting sensitive images or prompts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the hard-coded path does not match the actual installed skill, the command could fail or could run a different local script with the user’s prompt, image, and API key.
The registry metadata identifies the slug as nano-banana-pro1, while the documented command path and bundled _meta.json use nano-banana-pro. This is an install/provenance ambiguity users should verify, though the included script itself matches the stated image-generation purpose.
uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py
Before use, confirm the actual installed skill directory and ensure the command points to this reviewed script.
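One way to turn that recommendation into a check, as an added example that is not part of the skill or of ClawScan's tooling: resolve the documented path, refuse anything whose real location is outside `~/.codex/skills` (for example a symlink pointing elsewhere), and compare the file's SHA-256 with the digest of the copy you reviewed. `REVIEWED_SHA256` is a placeholder to be replaced with your own digest, and the `home` parameter exists only so the check can be exercised against a temporary directory instead of the real home.

```python
"""Preflight check for a script-based skill: confirm the documented command path
resolves to a real file inside the skills directory and matches a known digest."""
import hashlib
from pathlib import Path
from typing import Optional

# The command path documented in this skill's SKILL.md (quoted on the page).
DOCUMENTED_SCRIPT = "~/.codex/skills/nano-banana-pro/scripts/generate_image.py"
SKILLS_DIR = "~/.codex/skills"


def verify_skill_script(documented: str, expected_sha256: str,
                        home: Optional[Path] = None) -> dict:
    """Resolve `documented` (which may start with ~) against `home` and check it.

    The returned dict records whether the file exists, whether its real path is
    still under the skills directory (a symlink pointing elsewhere is flagged),
    and whether the SHA-256 of its contents equals `expected_sha256`.
    """
    home = Path(home) if home is not None else Path.home()

    def expand(p: str) -> Path:
        # Expand a leading "~/" against the chosen home rather than the real one,
        # so the same function can be exercised against a temporary directory.
        return Path(home, p[2:]) if p.startswith("~/") else Path(p)

    script = expand(documented)
    skills_root = expand(SKILLS_DIR).resolve()
    report = {
        "path": str(script),
        "exists": script.is_file(),
        "inside_skills_dir": False,
        "sha256": None,
        "hash_matches": False,
    }
    if not report["exists"]:
        return report
    real = script.resolve()  # follows symlinks, so an escape shows up here
    report["inside_skills_dir"] = skills_root in real.parents
    digest = hashlib.sha256(real.read_bytes()).hexdigest()
    report["sha256"] = digest
    report["hash_matches"] = digest.lower() == expected_sha256.lower()
    return report


def is_safe_to_run(report: dict) -> bool:
    """Only run the documented command if every check passed."""
    return bool(report["exists"] and report["inside_skills_dir"] and report["hash_matches"])


if __name__ == "__main__":
    # Placeholder: substitute the SHA-256 of the generate_image.py copy you reviewed.
    REVIEWED_SHA256 = "0" * 64
    r = verify_skill_script(DOCUMENTED_SCRIPT, REVIEWED_SHA256)
    print(r)
    print("ok to run" if is_safe_to_run(r) else "do not run: path or digest mismatch")
```

Run it once after installation and again whenever the skill updates; a changed digest is exactly the signal the path-ambiguity finding above asks you to notice.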
Running the skill may install or use external Python packages, so dependency changes could affect behavior over time.
The script relies on uv-managed Python dependencies with lower-bound version constraints rather than pinned versions or a lockfile. This is common for small script skills, but it means dependency provenance matters.
# dependencies = [
#     "google-genai>=1.0.0",
#     "pillow>=10.0.0",
# ]
Use a trusted Python/uv environment and consider pinning or reviewing dependency versions if you need stronger reproducibility.
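An added example (not the skill's code) that audits the inline metadata for exactly the weakness described: it extracts the `dependencies` list from a PEP 723 `# /// script` block and classifies each specifier as pinned (exact `==`), bounded (an upper bound or compatible-release clause) or lower-bound-only. The `# /// script` and `# ///` delimiters around the quoted block are assumed, since the page quotes only the list itself, and the version numbers in `PINNED_HEADER` are placeholders, not a recommendation of particular releases.

```python
"""Audit the PEP 723 inline metadata of a uv-run script for unpinned dependencies."""
import re
import sys
from typing import Dict, List

# Constructed sample: the dependency block quoted on this page, placed between the
# standard PEP 723 "# /// script" ... "# ///" delimiters (assumed; the page shows
# only the dependencies list itself).
SAMPLE_HEADER = """# /// script
# dependencies = [
#     "google-genai>=1.0.0",
#     "pillow>=10.0.0",
# ]
# ///
import argparse
"""

# The same header with exact pins. Version numbers are illustrative placeholders.
PINNED_HEADER = """# /// script
# dependencies = [
#     "google-genai==1.0.0",
#     "pillow==10.0.0",
# ]
# ///
"""

_BLOCK = re.compile(r"^# /// script\s*$(.*?)^# ///\s*$", re.MULTILINE | re.DOTALL)
_DEPS = re.compile(r"dependencies\s*=\s*\[(.*?)\]", re.DOTALL)
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def extract_dependencies(source: str) -> List[str]:
    """Return the raw dependency strings from the script's PEP 723 block, if any."""
    m = _BLOCK.search(source)
    if not m:
        return []
    # PEP 723 prefixes every metadata line with "# "; strip it to get the TOML text.
    toml_text = "\n".join(line[2:] if line.startswith("# ") else line.lstrip("#")
                          for line in m.group(1).splitlines())
    d = _DEPS.search(toml_text)
    return re.findall(r'"([^"]+)"', d.group(1)) if d else []


def classify_specifier(dep: str) -> str:
    """'pinned' for an exact ==, 'bounded' for an upper bound / ~= / ==x.*,
    'unpinned' for a lower bound only or no constraint at all."""
    spec = _NAME.sub("", dep.split(";")[0].strip())      # drop name and env marker
    spec = re.sub(r"^\[[^\]]*\]", "", spec.strip())       # drop extras such as [tiff]
    clauses = [c.strip() for c in spec.split(",") if c.strip()]
    if any(c.startswith("==") and not c.endswith(".*") for c in clauses):
        return "pinned"
    if any(c.startswith(("<", "~=")) or (c.startswith("==") and c.endswith(".*"))
           for c in clauses):
        return "bounded"
    return "unpinned"


def audit_script(source: str) -> Dict[str, str]:
    """Map each declared package name to its classification."""
    findings = {}
    for dep in extract_dependencies(source):
        name = _NAME.match(dep.strip()).group(1)
        findings[name] = classify_specifier(dep)
    return findings


if __name__ == "__main__":
    # Usage: python audit_deps.py path/to/generate_image.py  (defaults to the sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_HEADER
    for name, verdict in audit_script(text).items():
        print(f"{name:15s} {verdict}")
```

Against the header quoted above both packages come back `unpinned`, which is the finding in prose form. An exact pin narrows what `uv` may install, but without a lockfile or hash check it still does not authenticate what the index serves; treat this audit as a necessary check, not a sufficient one.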
A Gemini API key may incur usage, quota, or billing effects on the associated account.
The skill uses a Gemini API key to access Google’s image model. This is expected for the stated purpose, but the key grants provider/account quota access.
The script checks for API key in this order:
1. `--api-key` argument (use if user provided key in chat)
2. `GEMINI_API_KEY` environment variable
Prefer a dedicated Gemini API key with limited scope/quota, and use the GEMINI_API_KEY environment variable rather than pasting secrets into chat when possible. A key passed as a `--api-key` argument is also exposed in local process listings (and in shell history if typed by hand) for as long as the command runs.
Prompts and any input images may leave the local machine and be processed by Google’s service.
For edits, the script sends the selected input image and prompt to Google’s Gemini API. This is purpose-aligned, but it is an external provider data flow.
contents = [input_image, args.prompt]
...
response = client.models.generate_content(
    model="gemini-3-pro-image-preview",
    contents=contents,
)
Avoid using confidential or highly sensitive images/prompts unless you are comfortable with the provider’s data handling terms.
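Because the input image leaves the machine, a practitioner may want to remove embedded metadata (EXIF with camera model, timestamps and GPS coordinates, XMP, IPTC records, free-text comments) before the upload. The following is an added example, not code from the skill, and nothing here implies that `generate_image.py` does or does not strip such data. It walks the JPEG marker segments, drops the APP1, APP13 and COM segments, and copies the scan untouched. `SAMPLE_JPEG` is a constructed byte string that exercises the marker walk, not a decodable image, and the function names are illustrative. It handles JPEG only; PNG and WebP carry metadata in their own chunk formats.

```python
"""Strip metadata segments (EXIF/XMP, IPTC, comments) from a JPEG before it is
handed to an external image API. Pure Python, no third-party dependency."""
from typing import Iterator, List, Tuple

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# APP1 carries EXIF and XMP (camera model, GPS, timestamps), APP13 carries
# Photoshop/IPTC records, COM is a free-text comment. APP0 (JFIF), APP2 (ICC
# profile) and APP14 (Adobe) are kept because decoders rely on them.
METADATA_MARKERS = {0xE1, 0xED, 0xFE}


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment: FF <marker> <2-byte length incl. itself> <payload>."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: JFIF header, an EXIF APP1 segment, a comment, a quantisation
# table and a fake scan. Not a real image; it only exercises the marker walk.
SAMPLE_JPEG = (
    bytes([0xFF, SOI])
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00" + bytes(20))
    + _segment(0xFE, b"camera comment")
    + _segment(0xDB, bytes(65))
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56"
    + bytes([0xFF, EOI])
)


def _walk(data: bytes) -> Iterator[Tuple[int, int, int]]:
    """Yield (start, marker, end) for each segment up to SOS/EOI.

    From SOS onwards the entropy-coded scan is treated as one opaque unit that
    runs to the end of the stream, so nothing after it is parsed or altered.
    """
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker prefix 0xFF at offset {i}")
        marker = data[i + 1]
        if marker in (SOS, EOI):
            yield i, marker, len(data)
            return
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:  # standalone markers, no length
            yield i, marker, i + 2
            i += 2
            continue
        if i + 4 > len(data):
            raise ValueError(f"truncated length field at offset {i}")
        length = int.from_bytes(data[i + 2:i + 4], "big")
        end = i + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length {length} at offset {i}")
        yield i, marker, end
        i = end
    raise ValueError("no SOS or EOI marker found")


def list_segments(data: bytes) -> List[Tuple[int, int]]:
    """(marker, payload length) for every length-bearing segment before the scan."""
    return [(m, end - start - 4) for start, m, end in _walk(data)
            if m not in (SOS, EOI) and end - start > 2]


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return the JPEG with APP1/APP13/COM segments removed and everything else intact."""
    out = bytearray([0xFF, SOI])
    for start, marker, end in _walk(data):
        if marker not in METADATA_MARKERS:
            out += data[start:end]
    return bytes(out)


if __name__ == "__main__":
    cleaned = strip_jpeg_metadata(SAMPLE_JPEG)
    print("before:", [hex(m) for m, _ in list_segments(SAMPLE_JPEG)])
    print("after: ", [hex(m) for m, _ in list_segments(cleaned)])
```

Re-encoding the pixel data through Pillow, which the skill already depends on, is another route; whichever you use, inspect the result with `list_segments` (or an EXIF viewer) before the bytes go to the provider, and remember that the prompt text itself is sent as-is.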
