ClawHub

nano-banana-pro-openrouter

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: generate or edit images through OpenRouter, with normal privacy and API-key cautions.

Install only if you are comfortable sending prompts and any supplied input images to OpenRouter and its model providers. Prefer OPENROUTER_KEY in your environment instead of passing an API key in chat or command-line arguments, and avoid using confidential, regulated, or personal images unless that use is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation instructs use of shell execution, network access to OpenRouter, and environment-variable/API-key handling, but no explicit permissions are declared. That mismatch weakens security review and consent boundaries because an agent may invoke capabilities the user or platform did not expect. In this context, the skill is explicitly designed to call an external image API, so the issue is real but more about unsafe capability disclosure than covert abuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells users to send prompts and optionally local input images to a third-party API, but it does not prominently warn that user content will leave the local environment. This creates a real privacy and data-handling risk, especially if users supply sensitive images, proprietary designs, or confidential prompts under the assumption the processing is local.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal