Nano banana
Review
Audited by ClawScan on May 10, 2026.
Overview
This mostly behaves like an image-generation tool, but its hard-coded execution path and inconsistent package metadata create a provenance concern, and at the same time it uses a Gemini API key and can upload images to Google.
Review and correct the package path/metadata mismatch before installing. If you use it, verify the exact script being run, use a scoped Gemini API key via environment variable, and only upload images you are comfortable sending to Google.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could run a different local script than the one reviewed here, and that script would receive prompts, file paths, and possibly the user's Gemini API key.
The documented command hard-codes a Codex skill path named nano-banana-pro, while the supplied registry item is nano-banana-v3 and _meta.json reports different owner/slug/version values. That makes the executed script's provenance ambiguous.
uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt ...
Fix the slug/path/metadata mismatch and invoke the reviewed script via the installed skill's actual path before providing credentials or image files.
Running the skill may install or use versions of google-genai and pillow selected at runtime.
The script relies on uv-style inline dependencies with lower-bound version constraints and no lockfile in the supplied artifacts. This is common for script-based tools, but it means package resolution is not fully pinned.
# dependencies = [
#   "google-genai>=1.0.0",
#   "pillow>=10.0.0",
# ]
Prefer a lockfile or pinned dependency versions if reproducibility is important.
Using the skill gives the script access to the user's Gemini API quota/account for image generation.
A Gemini API key is expected for this provider integration, but the registry metadata declares no primary credential or required environment variable.
The script checks for API key in this order:
1. `--api-key` argument
...
2. `GEMINI_API_KEY` environment variable
Use a scoped Gemini key where possible, prefer an environment variable over pasting keys in chat, and revoke the key if it is exposed.
Private or sensitive images selected for editing will be transmitted to Google for processing.
For image edits, the selected local image and prompt are sent to Google's Gemini API. This is disclosed and aligned with the image-editing purpose.
contents = [input_image, args.prompt]
...
response = client.models.generate_content(
Only provide images and prompts you are comfortable sending to the Gemini API.
A poorly chosen filename could create directories or overwrite an existing file.
The script writes output to the supplied filename and creates parent directories. SKILL.md discloses this behavior, and it is central to saving generated images, but it can affect arbitrary paths the user or agent supplies.
output_path = Path(args.filename)
output_path.parent.mkdir(parents=True, exist_ok=True)
Use unique filenames in the current working directory unless you intentionally want to write elsewhere.
