nano-banana-pdf-edit

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill appears coherent and purpose-aligned, but it edits local PDFs through an external CLI and sends PDF content to Google Gemini using your API key.

Before installing, make sure you are comfortable installing the nano-pdf dependency and sending the relevant PDF content to Gemini using your paid API key. Keep backups of original PDFs, review generated commands for the correct file and pages, and avoid using the skill on confidential documents unless your policy permits that external processing.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken command could edit the wrong PDF pages or produce an unintended output document.

Why it was flagged

The skill directs the agent to run a local CLI that modifies or creates PDF output. This is central to the skill's purpose, but users should ensure the intended file, page numbers, prompts, and output path are used.

Skill content

Run nano-pdf and present the output PDF to the user

Recommendation

Keep an original copy of important PDFs and review the generated command, page numbers, and output filename before running edits on sensitive or business-critical documents.

What this means

Using the skill may consume paid Gemini API quota under the user's account.

Why it was flagged

The skill requires a paid Gemini API key so nano-pdf can call Google's image model. This is expected for the stated integration, but it grants API usage authority and may incur costs.

Skill content

GEMINI_API_KEY — A paid Google Gemini API key ... export GEMINI_API_KEY="your_key"

Recommendation

Use a dedicated Gemini API key where possible, apply spending limits or monitoring, and avoid exposing the key in prompts, logs, or shared terminals.

What this means

The actual behavior of the installed dependencies depends on the packages retrieved from package managers at install time.

Why it was flagged

The skill relies on installing third-party CLI and system packages from package managers. This is consistent with the PDF-editing purpose, but the artifacts do not pin dependency versions.

Skill content

nano-pdf — `pip install nano-pdf` ... poppler ... `brew install poppler` ... tesseract ... `brew install tesseract`

Recommendation

Install dependencies from trusted package sources, consider pinning or reviewing the nano-pdf package version, and avoid unnecessary elevated privileges during installation.

What this means

Sensitive PDF content may leave the local machine and be processed by Google's Gemini service.

Why it was flagged

The documented workflow sends rendered PDF page content and prompts to an external Google model. The skill also documents context options that can include full PDF text.

Skill content

converts PDF pages to images, sends them to Google's Gemini 3 Pro Image with your edit instructions

Recommendation

Use this only for PDFs you are allowed to send to Gemini. For sensitive files, consider using `--no-use-context` when full-document text is unnecessary and `--disable-google-search` if you do not want search grounding.