Nano Banana Image Creator
Pending
Static analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private prompts or images used for editing may be transmitted to Google’s API.
The script sends the user prompt and, for edits, the selected input image to Google’s Gemini image API. This is disclosed and purpose-aligned, but it means user-provided content leaves the local environment.
response = client.models.generate_content(
    model="gemini-3-pro-image-preview",
    contents=contents,
Do not use sensitive or confidential images/prompts unless you are comfortable sending them to the Gemini API under Google’s terms.
A Gemini API key is needed and could be exposed in chat history or command logs if passed directly as an argument.
The skill requires a Gemini API key, which is expected for the stated provider integration. Passing a key in chat or on the command line is more exposed than using an environment variable.
The script checks for API key in this order:
1. `--api-key` argument (use if user provided key in chat)
2. `GEMINI_API_KEY` environment variable
Prefer setting `GEMINI_API_KEY` in the environment instead of pasting API keys into chat or command arguments.
Future package versions could change behavior or introduce compatibility/security issues.
The script relies on runtime-resolved Python dependencies with minimum-version ranges rather than exact pins. This is common for `uv run` scripts but gives less reproducibility than pinned dependencies.
# dependencies = [
#     "google-genai>=1.0.0",
#     "pillow>=10.0.0",
# ]
Use trusted package indexes and consider pinning exact dependency versions if reproducibility is important.
Installing and using the skill allows the agent to run this local image-generation script when invoked.
The skill instructs the agent to execute a local Python helper script. This is central to the skill’s purpose and the included source is straightforward, but it is still local code execution.
uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "your image description" --filename "output-name.png"
Review the script before use if you have strict local-execution policies; no hidden or unrelated commands were found in the provided source.
