ClawHub

Nano Banana Pro CN

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal image-generation skill that sends user prompts and selected images to APIYI, with privacy and API-key handling caveats but no evidence of malicious behavior.

Install only if you trust APIYI and the publisher with the prompts and images you provide. Use a dedicated API key, prefer environment variables or a secret manager over command-line keys, and avoid sending confidential, personal, or regulated images unless you are comfortable with remote processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Low
Confidence
76% confidence
Finding
The API key guidance is inconsistent and explicitly documents passing secrets on the command line. Command-line secrets are commonly exposed through shell history, process listings, logs, and telemetry, so encouraging this path can leak credentials even if environment variables are preferred elsewhere.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The script metadata and comments describe the skill as using NanoBananaPro/Gemini 3 Pro, but the actual endpoint invoked is a different specific model path. This mismatch can mislead users and reviewers about what remote service is processing their prompts and images, undermining informed consent, auditability, and trust for a tool that uploads potentially sensitive local files.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The CLI help text states the tool is based on Gemini 3 Pro, while the skill description claims NanoBananaPro. In a security-sensitive context, inaccurate model identification is a real transparency issue because users may rely on those claims when deciding whether to send private prompts or images to the external API.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script uploads prompt text and base64-encoded local images to a remote third-party API, but it does not present an explicit privacy warning or require user acknowledgment at transmission time. Because this skill is specifically designed to process user-supplied images, the context makes the issue more serious: users may send personal, confidential, or regulated data off-device without clear notice.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user prompts and base64-encoded input images to a remote third-party API, but it does not provide an explicit consent or privacy warning at runtime. In this skill context, users may provide sensitive images or confidential text, so silent transmission to an external proxy service increases privacy and data-handling risk.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes very generic phrases such as '生成图片', '图片生成', and 'generate image', which can match a wide range of ordinary user requests and cause the skill to be invoked too broadly. In an agent environment, over-broad routing can expose user prompts, attached images, or editing requests to this external image-generation skill when a narrower or more appropriate tool should have been selected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal