Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nano Banana

v1.0.0

Generate/edit images with Nano Banana Pro (Gemini 3 Pro Image). Use for image create/modify requests incl. edits. Supports text-to-image + image-to-image; 1K...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to generate/edit images via Google's Gemini (Nano Banana / Gemini 3 Pro Image) and the included script implements that (uses google.genai, calls model 'gemini-3-pro-image-preview'). However the registry metadata declares no required environment variables or primary credential while the script and SKILL.md clearly require a GEMINI_API_KEY or --api-key. Also the _meta.json ownerId does not match the registry ownerId, creating an ownership/metadata inconsistency.
Instruction Scope
SKILL.md and the script limit actions to generating or editing images and saving them to disk. The runtime instructions only reference the GEMINI API key and local image files; they do not instruct reading unrelated system files or exfiltrating data to unexpected endpoints. The script prints model text output and the saved image path, which is expected for this purpose.
Install Mechanism
There is no install spec despite the script listing dependencies (google-genai, pillow) in comments. That means users/agents must ensure Python >=3.10 and install those packages themselves. Absence of an install step is not malicious but is an inconsistency and could lead to runtime failures.
! Credentials
The script requires a GEMINI_API_KEY (or --api-key) to operate, but the registry lists no required env vars or primary credential — this is a mismatch. Requesting a single API key for the external image model is proportionate to the stated purpose, but the missing declaration and lack of guidance about key scope/permissions raises concern.
Persistence & Privilege
The skill is not always-included, is user-invocable, and does not request elevated or persistent privileges. It does not modify other skills or global agent settings.
What to consider before installing
This skill appears to implement Gemini-based image generation and editing and does not contain obvious exfiltration. However:

  • The script requires a GEMINI_API_KEY (or --api-key) but the registry metadata does not declare that requirement — verify you are comfortable supplying an API key and that the key has appropriate (limited) permissions and quota.
  • There is no install spec: you must ensure Python >=3.10 and install google-genai and pillow before running. Consider running it in an isolated environment (virtualenv/container) first.
  • Metadata mismatch: ownerId in _meta.json differs from registry ownerId and the source/homepage are unknown. Prefer skills with a verifiable source or published homepage.
  • Review the code yourself (or have someone you trust review it) before providing credentials.

If you proceed, keep the API key scoped to a dedicated account, avoid reusing high-privilege keys, and run the script from a sandbox until you confirm behavior. If you want, I can list the exact commands to create a virtualenv and install the dependencies, or help you verify the GEMINI API key scope and revoke it later.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cm3tqw4y5y185511r9vq3js830x77

SKILL.md

Nano Banana Pro Image Generation & Editing

Generate new images or edit existing ones using Google's Nano Banana Pro API (Gemini 3 Pro Image).

Usage

Run the script using an absolute path (do NOT cd to the skill directory first):

Generate new image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "your image description" --filename "output-name.png" [--resolution 1K|2K|4K] [--api-key KEY]

Edit existing image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "editing instructions" --filename "output-name.png" --input-image "path/to/input.png" [--resolution 1K|2K|4K] [--api-key KEY]

Important: Always run from the user's current working directory so images are saved where the user is working, not in the skill directory.

Default Workflow (draft → iterate → final)

Goal: fast iteration without burning time on 4K until the prompt is correct.

  • Draft (1K): quick feedback loop
    • uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "<draft prompt>" --filename "yyyy-mm-dd-hh-mm-ss-draft.png" --resolution 1K
  • Iterate: adjust prompt in small diffs; keep filename new per run
    • If editing: keep the same --input-image for every iteration until you’re happy.
  • Final (4K): only when prompt is locked
    • uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "<final prompt>" --filename "yyyy-mm-dd-hh-mm-ss-final.png" --resolution 4K

Resolution Options

The Gemini 3 Pro Image API supports three resolutions (uppercase K required):

  • 1K (default) - ~1024px resolution
  • 2K - ~2048px resolution
  • 4K - ~4096px resolution

Map user requests to API parameters:

  • No mention of resolution → 1K
  • "low resolution", "1080", "1080p", "1K" → 1K
  • "2K", "2048", "normal", "medium resolution" → 2K
  • "high resolution", "high-res", "hi-res", "4K", "ultra" → 4K

API Key

The script checks for an API key in this order:

  1. --api-key argument (use if user provided key in chat)
  2. GEMINI_API_KEY environment variable

If neither is available, the script exits with an error message.

Preflight + Common Failures (fast fixes)

  • Preflight:
    • command -v uv (must exist)
    • test -n "$GEMINI_API_KEY" (or pass --api-key)
    • If editing: test -f "path/to/input.png"
  • Common failures:
    • Error: No API key provided. → set GEMINI_API_KEY or pass --api-key
    • Error loading input image: → wrong path / unreadable file; verify --input-image points to a real image
    • “quota/permission/403” style API errors → wrong key, no access, or quota exceeded; try a different key/account
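
The preflight checks above, combined with the key lookup order from the API Key section, as an added shell example that is not part of the skill's own code. The function name nb_preflight and its return codes are assumptions made for illustration.

```shell
# Added example, not from the skill: preflight for the documented
# generate_image.py invocation. nb_preflight and its return codes are
# hypothetical: 0 ok, 2 uv missing, 3 no API key, 4 input image unreadable.
nb_preflight() {
    have_key_arg=0
    input_image=""
    key_source=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --api-key)
                # Record only that a key was supplied; never echo its value.
                if [ -n "${2:-}" ]; then have_key_arg=1; fi
                shift ;;
            --input-image)
                input_image="${2:-}"
                shift ;;
        esac
        # Drop the option's value, or any argument this check does not use.
        if [ "$#" -gt 0 ]; then shift; fi
    done

    if ! command -v uv >/dev/null 2>&1; then
        echo "preflight: uv not found on PATH" >&2
        return 2
    fi

    # Same order the page documents: --api-key first, then GEMINI_API_KEY.
    if [ "$have_key_arg" -eq 1 ]; then
        key_source="argument"
    elif [ -n "${GEMINI_API_KEY:-}" ]; then
        key_source="environment"
    else
        echo "preflight: set GEMINI_API_KEY or pass --api-key" >&2
        return 3
    fi

    # Only checked when editing: the input must be a readable regular file.
    if [ -n "$input_image" ]; then
        if [ ! -f "$input_image" ] || [ ! -r "$input_image" ]; then
            echo "preflight: cannot read input image: $input_image" >&2
            return 4
        fi
    fi

    echo "preflight ok (key from $key_source)" >&2
    return 0
}
```

Where the environment variable is available, prefer it: a key passed as --api-key appears in the process's argument list, which other local users can usually read.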

Filename Generation

Generate filenames with the pattern: yyyy-mm-dd-hh-mm-ss-name.png

Format: {timestamp}-{descriptive-name}.png

  • Timestamp: Current date/time in format yyyy-mm-dd-hh-mm-ss (24-hour format)
  • Name: Descriptive lowercase text with hyphens
  • Keep the descriptive part concise (1-5 words typically)
  • Use context from user's prompt or conversation
  • If unclear, use a random identifier (e.g., x9k2, a7b3)

Examples:

  • Prompt "A serene Japanese garden" → 2025-11-23-14-23-05-japanese-garden.png
  • Prompt "sunset over mountains" → 2025-11-23-15-30-12-sunset-mountains.png
  • Prompt "create an image of a robot" → 2025-11-23-16-45-33-robot.png
  • Unclear context → 2025-11-23-17-12-48-x9k2.png

Image Editing

When the user wants to modify an existing image:

  1. Check if they provide an image path or reference an image in the current directory
  2. Use --input-image parameter with the path to the image
  3. The prompt should contain editing instructions (e.g., "make the sky more dramatic", "remove the person", "change to cartoon style")
  4. Common editing tasks: add/remove elements, change style, adjust colors, blur background, etc.

Prompt Handling

For generation: Pass user's image description as-is to --prompt. Only rework if clearly insufficient.

For editing: Pass editing instructions in --prompt (e.g., "add a rainbow in the sky", "make it look like a watercolor painting")

Preserve user's creative intent in both cases.

Prompt Templates (high hit-rate)

Use templates when the user is vague or when edits must be precise.

  • Generation template:
    • “Create an image of: <subject>. Style: <style>. Composition: <camera/shot>. Lighting: <lighting>. Background: <background>. Color palette: <palette>. Avoid: <list>.”
  • Editing template (preserve everything else):
    • “Change ONLY: <single change>. Keep identical: subject, composition/crop, pose, lighting, color palette, background, text, and overall style. Do not add new objects. If text exists, keep it unchanged.”

Output

  • Saves PNG to current directory (or specified path if filename includes directory)
  • Script outputs the full path to the generated image
  • Do not read the image back - just inform the user of the saved path

Examples

Generate new image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "A serene Japanese garden with cherry blossoms" --filename "2025-11-23-14-23-05-japanese-garden.png" --resolution 4K

Edit existing image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "make the sky more dramatic with storm clouds" --filename "2025-11-23-14-25-30-dramatic-sky.png" --input-image "original-photo.jpg" --resolution 2K
