Nano Banana Pro (Morfeo)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it generates or edits images by sending prompts and selected images to Google’s Gemini image API, then saves the result locally.

Install only if you are comfortable sending your prompts and any specified input or reference images to Google for processing. Avoid using sensitive personal, confidential, or regulated images unless that upload is acceptable, and prefer GEMINI_API_KEY over passing an API key directly on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger text is extremely broad, causing the skill to activate for many generic image-related requests. Over-broad invocation increases the chance the agent will route user content, local file paths, or sensitive images into an external API without a sufficiently specific user intent check, which can create privacy and data-handling risks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction to always save output in the user's current working directory can cause files to be written into sensitive or unintended locations, especially in shared repositories or directories containing important project assets. This raises risks of accidental overwrite, cluttering tracked workspaces, or placing generated content where it may later be committed or exposed.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script sends user prompts and any provided input/reference images to Google's external API, but gives no explicit notice or consent checkpoint at the point of transmission. In a skill context that may operate on user-supplied local images, this can expose sensitive personal or proprietary data to a third party unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.
