grsai nano-banana image generation skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent grsai image-generation skill, but users should handle the paid API key carefully and trust the provider before sending prompts or reference images.

Install only if you trust grsai with your prompts, reference image URLs, and generated-image workflow. Use a dedicated revocable API key with spending limits if possible, avoid typing real keys directly into command lines, do not override the base URL unless you trust it, and treat provider content blocks as rules to follow rather than filters to evade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'image_url' taken from the provider's API response (requests.post, line 194, network input) is passed unvalidated to requests.get (network output)

Medium
Category
Data Flow
Content
import requests
from pathlib import Path

def download_image(image_url, output_path):
    """Download the generated image; image_url comes straight from the provider's response."""
    try:
        response = requests.get(image_url, timeout=120)
        response.raise_for_status()

        output_path.parent.mkdir(parents=True, exist_ok=True)
        output_path.write_bytes(response.content)
        return output_path
    except requests.RequestException as exc:
        raise RuntimeError(f"download failed for {image_url}: {exc}") from exc
Confidence
93% confidence
Finding
response = requests.get(image_url, timeout=120)
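The finding above is a server-side-request-forgery shape: whatever URL the provider (or anyone who can tamper with its response) hands back is fetched and written to disk. The hardened version below is an added example, not code from the grsai skill. It assumes a caller-supplied allowlist of image hosts (the hostnames are placeholders; take the real ones from the provider's documentation), an assumed 20 MiB size cap, and the same `requests` library the skill uses.

```python
import ipaddress
from pathlib import Path
from urllib.parse import urlparse

# Assumed limits; the skill itself defines none. Tune them to the provider.
MAX_IMAGE_BYTES = 20 * 1024 * 1024
DOWNLOAD_TIMEOUT = 120


def validate_image_url(image_url, allowed_hosts):
    """Accept only https URLs whose host is in allowed_hosts; raise ValueError otherwise.

    allowed_hosts is the set of hostnames the provider is known to serve images from
    (placeholder values in the usage below; the real names come from the provider).
    """
    parsed = urlparse(image_url)
    if parsed.scheme != "https":
        raise ValueError(f"unsupported scheme {parsed.scheme!r}; only https is allowed")
    host = parsed.hostname  # lower-cased, with userinfo and port already stripped
    if not host:
        raise ValueError("URL has no host")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a hostname, not an IP literal
    if addr is not None and not addr.is_global:
        # Loopback, RFC 1918, link-local (169.254.x.x incl. cloud metadata) and similar.
        raise ValueError(f"refusing non-global address {host}")
    if host not in {h.lower() for h in allowed_hosts}:
        raise ValueError(f"host {host!r} is not an allowed image host")
    return True


def is_safe_image_url(image_url, allowed_hosts):
    """Boolean wrapper around validate_image_url for callers that only want yes/no."""
    try:
        return validate_image_url(image_url, allowed_hosts)
    except ValueError:
        return False


def download_image_checked(image_url, output_path, allowed_hosts,
                           max_bytes=MAX_IMAGE_BYTES, session=None):
    """Download a generated image with host allowlisting, no redirects and a size cap."""
    validate_image_url(image_url, allowed_hosts)
    if session is None:
        import requests  # imported here so the validator works without the dependency
        session = requests.Session()
    # allow_redirects=False: a redirect from an allowed host to an arbitrary one would
    # otherwise bypass the check above. raise_for_status() ignores 3xx, so check it.
    with session.get(image_url, timeout=DOWNLOAD_TIMEOUT, stream=True,
                     allow_redirects=False) as resp:
        resp.raise_for_status()
        if resp.is_redirect:
            raise ValueError(f"refusing redirect to {resp.headers.get('Location')!r}")
        ctype = resp.headers.get("Content-Type", "")
        if not ctype.startswith("image/"):
            raise ValueError(f"unexpected Content-Type {ctype!r}")
        output_path = Path(output_path)
        output_path.parent.mkdir(parents=True, exist_ok=True)
        written = 0
        try:
            with output_path.open("wb") as fh:
                for chunk in resp.iter_content(chunk_size=64 * 1024):
                    written += len(chunk)
                    if written > max_bytes:
                        raise ValueError(f"image exceeds {max_bytes} bytes")
                    fh.write(chunk)
        except ValueError:
            output_path.unlink(missing_ok=True)  # do not leave a truncated file behind
            raise
    return written


if __name__ == "__main__":
    # Placeholder allowlist for illustration only.
    hosts = {"cdn.example"}
    for url in ("https://cdn.example/out/1.png", "https://169.254.169.254/latest/meta-data/",
                "https://cdn.example@evil.example/x.png", "file:///etc/passwd"):
        print(url, "->", "ok" if is_safe_image_url(url, hosts) else "rejected")
```

The allowlist is the control that matters: scheme and IP-literal checks alone still let a response steer the download to any public host. Resolution of an allowlisted name to a private address at connect time (DNS rebinding) is not covered here and is a question of how much the provider's DNS is trusted.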

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README demonstrates passing the API key directly on the command line (`--api-key "sk-xxx"`) without warning that command-line arguments can be exposed through shell history, process listings, logs, screenshots, or terminal recording. In the context of a paid external API, leaked credentials can enable unauthorized usage, billing abuse, and account compromise of the service integration.

Vague Triggers

Medium
Confidence
71% confidence
Finding
The natural-language trigger text is broad enough that ordinary user conversation about generating an image could invoke the skill without a clear, bounded command pattern. In an agent environment, this can cause unintended external API calls, billing consumption, and transmission of user content to the remote provider.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation repeatedly instructs users to pass API keys directly on the command line. Command-line secrets are commonly exposed via shell history, process listings, logs, screenshots, and telemetry, making credential theft significantly easier.
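Both "Missing User Warnings" findings point at the same fix: take the key from somewhere that does not end up in shell history or `ps`. The script below is an added example, not part of the grsai skill, and assumes an environment variable name (`GRSAI_API_KEY`) and a `--api-key-file` option that the README does not define. It rejects a key given on the command line, reads it from the environment or an owner-only file instead, and never prints more than the key's last four characters.

```python
import argparse
import os
import stat
import sys
from pathlib import Path

# Assumed name: the README only shows --api-key "sk-xxx" and defines no env var.
ENV_VAR = "GRSAI_API_KEY"


def redact(key):
    """Return a form of the key that is safe to print or log (only the last 4 chars survive)."""
    if len(key) <= 8:
        return "***"
    return key[:3] + "***" + key[-4:]


def read_key_file(path):
    """Read a key from a file that only its owner can read (chmod 600 on POSIX)."""
    p = Path(path)
    mode = p.stat().st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{p} is readable by group/other; chmod 600 it first")
    key = p.read_text(encoding="utf-8").strip()
    if not key:
        raise ValueError(f"{p} is empty")
    return key


def resolve_api_key(env=None, key_file=None, cli_value=None):
    """Pick the key source by exposure risk: env var first, then an owner-only file.

    A value passed on the command line is rejected outright: by the time this code
    runs it is already in shell history, `ps` output and any terminal recording.
    """
    if cli_value is not None:
        raise ValueError(
            "refusing an API key on the command line; export "
            f"{ENV_VAR} or pass --api-key-file instead")
    env = os.environ if env is None else env
    key = env.get(ENV_VAR, "").strip()
    if key:
        return key
    if key_file is not None:
        return read_key_file(key_file)
    raise LookupError(f"no API key: set {ENV_VAR} or pass --api-key-file")


def main(argv=None):
    parser = argparse.ArgumentParser(description="generate an image (key handling example)")
    parser.add_argument("--prompt", required=True)
    parser.add_argument("--api-key-file", type=Path, help="file containing the key, mode 600")
    # Kept (hidden) only so that an old-style invocation fails loudly instead of silently.
    parser.add_argument("--api-key", help=argparse.SUPPRESS)
    args = parser.parse_args(argv)
    try:
        key = resolve_api_key(key_file=args.api_key_file, cli_value=args.api_key)
    except (ValueError, LookupError, PermissionError) as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 2
    print(f"using key {redact(key)} for prompt {args.prompt!r}")
    # The provider call would go here; never log the raw key or the Authorization header.
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Environment variables are not perfectly private either (they are visible to same-user processes via `/proc/<pid>/environ`), but unlike argv they do not land in history files or screenshots of the command; a spending-limited, revocable key as the overview recommends caps the damage when one does leak.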

VirusTotal

66/66 vendors flagged this skill as clean.
