sudocode-nano-banana2
v1.0.1Generate or edit images with Sudocode's nano-banana2 image service. Use when the user wants text-to-image or image-to-image generation through the bundled Su...
⭐ 0· 105·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Sudocode Nano Banana2 image generation) aligns with the provided scripts and runtime behavior: the code posts prompts and optional input images to a Sudocode-compatible endpoint and saves results locally. The MODEL identifier difference is documented in SKILL.md and the code.
Instruction Scope
Instructions remain within the stated purpose. They instruct initializing/storing an API key, calling the bundled script, and sending results back to the user. Note: the initializer writes credentials to ~/.openclaw/.env and the runtime writes logs under a 'logs' directory next to the output file — this is expected for this skill but worth being aware of.
Install Mechanism
No install spec (instruction-only packaging) and no downloaded binaries. The SKILL.md suggests pip-installing 'requests' if missing; this is proportionate to the script's use of the requests library.
Credentials
The only required secret is SUDOCODE_IMAGE_API_KEY (primary credential) and an optional SUDOCODE_BASE_URL; that matches the code and SKILL.md. Minor inconsistency: the top summary in the provided metadata listed 'Required env vars: none', whereas _meta.json and the code declare SUDOCODE_IMAGE_API_KEY as required — confirm the registry metadata before trusting an automated listing.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It persists the API key to ~/.openclaw/.env (its own config area) and writes per-run logs/images to local disk; these are normal for a client that needs an API key and produces files.
Assessment
This package appears to be a straightforward client for Sudocode image generation. Before installing: 1) Confirm you trust the Sudocode service (sudocode.run / sudocode.us) because your API key will be sent there. 2) Note that the initializer will store the API key in ~/.openclaw/.env; if you prefer not to persist secrets to disk, provide the key via environment variables at runtime instead. 3) The skill writes per-run logs beside your output files — clean up sensitive artifacts if needed. 4) Verify the registry metadata mismatch about required env vars (the package does require SUDOCODE_IMAGE_API_KEY). If you have doubts, run the scripts in an isolated environment or review the two Python files (they are short and readable).Like a lobster shell, security has layers — review code before you run it.
latestvk97f08yvpeay07jqf9z2pxgkp1832m5p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.