the ai painting interface of suichuang api

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a straightforward image-generation skill. The only notes are low-risk: it sends prompts and an API key to an external image API.

This appears safe to install if you intend to use the NanaBanana image API. Before using it, verify the external provider, use a dedicated limited API key, and avoid sending private or sensitive prompt content.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may consume quota or paid usage on the API key supplied for the NanaBanana service.

Why it was flagged

The skill expects a provider API key and uses it in API requests. This is purpose-aligned for an image-generation integration, but users should recognize that a credential is needed even though registry metadata lists no primary credential.

Skill content

All endpoints share the same key: `【你的密钥】` ... Authorization: `【你的密钥】` ... "key": "【你的密钥】"

Recommendation

Use a dedicated, limited-scope API key for this service, do not provide unrelated secrets, and rotate the key if it is accidentally shared.

What this means

Prompt text and generated image result handling depend on the external provider, and the API key could appear in provider or intermediary URL logs.

Why it was flagged

The instructions send user prompts and the API key to an external provider, including putting the key in the query URL for result polling.

Skill content

POST ... `https://api.wuyinkeji.com/api/async/image_nanoBanana2` ... "prompt": "详细的英文图片描述" ... `https://api.wuyinkeji.com/api/async/detail?key=【你的密钥】&id={task_id}`

Recommendation

Avoid including private or sensitive information in prompts, verify the provider before use, and prefer a disposable or limited API key.