ClawHub

Nanobanana

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward image generation/editing skill that uses a disclosed third-party API and saves generated images locally.

Install only if you trust the configured API endpoint. Avoid using private images or sensitive prompts unless you are comfortable sending them to that service, and keep any real API key out of shared files or published skill bundles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger description is overly broad, activating on generic phrases like '生成图片' and 'AI画图' without clear boundaries or user-confirmation requirements. In an agent environment, this can cause the skill to be invoked unexpectedly, routing user content or images to an external API when the user may not have intended to use this specific third-party service.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation states that generated images are written to an output directory but does not clearly warn users that files will be persisted to local disk. Because this skill handles image generation and image editing, outputs may contain sensitive or user-supplied visual data, and silent persistence increases the risk of unintended retention, later disclosure, or misuse by other local processes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
When an input image is provided, the script reads the local file, base64-encodes it, and sends it to a remote third-party API endpoint without any explicit privacy warning or consent checkpoint. This can expose sensitive local image contents to an external service, especially because the configured baseURL is a non-official custom domain, which increases data-handling uncertainty.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal