Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nano Banana Prompting Skill

v1.0.1

Transform natural language image requests into optimized structured prompts for Gemini image generation. Automatically detects style and builds the perfect p...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (build optimized Gemini prompts) matches the declared requirements: GEMINI_API_KEY and a CLI runner 'uv'. However the SKILL.md expects a separate 'nano-banana-pro' skill (scripts/generate_image.py) that is not declared in the metadata — an undeclared dependency worth verifying.
Instruction Scope
Instructions are narrowly scoped to: read user request, detect style, build JSON, and call a local generator script via 'uv run'. They advise sanitizing filenames. The only notable scope creep is the explicit reliance on running an external script (nano-banana-pro/scripts/generate_image.py) on the agent's filesystem — that script will execute network I/O (Gemini) and local file writes, so you should inspect that script before use.
Install Mechanism
This is instruction-only with no install spec and no archives to download, so nothing is written or executed by the skill package itself. README suggests optional git install steps for users, which is standard.
Credentials
Only GEMINI_API_KEY is required and declared as the primary credential, which aligns with calling the Gemini image API. No other unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does instruct writing image files to the user's Desktop by default, which is reasonable for its purpose but should be acceptable to the user.
Assessment
This skill appears to do what it says: produce structured Gemini prompts and run a local image generator. Before installing or using it, verify two things: (1) the provenance and behavior of the external generator it calls (nano-banana-pro/scripts/generate_image.py) — inspect that script so you know what it sends to the network and what it writes to disk; (2) the 'uv' binary requirement — confirm which tool 'uv' refers to in your environment and that it's trusted. Also limit the GEMINI_API_KEY permissions if possible and be comfortable with images being saved to your Desktop. If you cannot inspect the external generator, treat the dependency as an untrusted executable and avoid running it.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🎨 Clawdis
Bins: uv
Env: GEMINI_API_KEY
Primary env: GEMINI_API_KEY
