Back to skill
Skillv1.0.1
VirusTotal security
Nano Banana Prompting Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:18 AM
- Hash
- 28a726704197c28e6cade51f8524e29b8af3a2fdc165205a7be99cf21908aa72
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nano-banana-prompting Version: 1.0.1 The skill instructs the AI agent to execute a local Python script (`generate_image.py`) with arguments, including a `--filename` argument. The `SKILL.md` file contains an explicit 'Security Note' warning the agent: 'Never pass unsanitized user input directly as the filename.' While this warning demonstrates developer awareness and an attempt to mitigate risk, it highlights a potential command injection or path traversal vulnerability if the agent fails to sanitize user input or if the external `generate_image.py` script (which is not part of this bundle) is vulnerable. This constitutes a risky capability that could lead to an RCE, classifying the skill as suspicious rather than benign, despite the lack of clear malicious intent within the provided files.
- External report
- View on VirusTotal