Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NBP

v1.0.0

Generate/edit images with Nano Banana Pro (Gemini 3 Pro Image). Use for image create/modify requests incl. edits. Supports text-to-image + image-to-image; 1K...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for youthzenith/nanobananapro.

Install the skill "NBP" (youthzenith/nanobananapro) from ClawHub.
Skill page: https://clawhub.ai/youthzenith/nanobananapro
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install nanobananapro

ClawHub CLI

npx clawhub@latest install nanobananapro

Security Scan

Capability signals: Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill's purpose (Nano Banana Pro / Gemini image generation) matches the code and SKILL.md: the script calls google.genai and uses image generation. However the registry metadata declares no required environment variables or binaries while both the SKILL.md and the script require a GEMINI_API_KEY and expect the 'uv' runtime. Also the script lists python dependencies (google-genai, pillow) in its header comments but the skill manifest provides no install spec. There is also a mismatch between ownerId in the provided registry metadata and _meta.json, which is suspicious/inconsistent.
Instruction Scope
SKILL.md instructs the agent to run the included Python script to generate or edit images and to supply an API key either via --api-key or GEMINI_API_KEY. The instructions do not ask the agent to read unrelated files, exfiltrate data, or contact unexpected endpoints; they limit I/O to image files and the Gemini API. The note to run from the user's working directory and to not read images back is consistent with the stated purpose.
Install Mechanism
There is no install spec (instruction-only skill), which is low risk. The included script, however, depends on external Python packages (google-genai, pillow) and the 'uv' runner; these are only listed in comments and in SKILL.md preflight but are not enforced or declared in the registry. That discrepancy is noteworthy because required packages must be present for the skill to work.
Credentials
The script and SKILL.md explicitly require a GEMINI_API_KEY (or passing --api-key). Yet the skill's declared required environment variables and primary credential fields are empty. Requesting an API key for the vendor service is reasonable for this functionality, but failing to declare it in the manifest is an incoherence that reduces transparency and makes it harder to audit what secrets the skill will use.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not modify other skills or global agent settings. It runs as an on-demand script and only requires the Gemini API key for operation.
What to consider before installing
This skill's code and README clearly implement a Gemini (Nano Banana Pro) image generator and require a GEMINI_API_KEY and the 'uv' runner plus Python packages (google-genai, pillow). The registry metadata, however, does not declare the GEMINI_API_KEY or required binaries — that's the main inconsistency. Before installing or running:

  1. Verify the publisher/owner (ownerId mismatch between inputs and _meta.json).
  2. Expect to provide a Google/Gemini API key (GEMINI_API_KEY) — only give this to code you trust; do not paste it into public chat.
  3. Ensure you have 'uv' and the Python dependencies installed in a safe environment.
  4. If you rely on the skill manifest for security review, ask the publisher to update the registry metadata to explicitly list GEMINI_API_KEY and required binaries/dependencies.

If you cannot verify the publisher or do not want to expose your API key, do not install/use the skill.
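The manifest-versus-code gap described in this scan can be checked mechanically. The following is an added example, not ClawHub's scanner and not code from the skill: `SAMPLE_SCRIPT` is a constructed stand-in for a skill script, the function names are hypothetical, and the declared variables are passed as a plain list because the registry's manifest format is not shown on this page.

```python
import ast
import re

# Constructed stand-in for a skill script; NOT the real generate_image.py.
SAMPLE_SCRIPT = '''
import argparse, os
parser = argparse.ArgumentParser()
parser.add_argument("--prompt", required=True)
parser.add_argument("--api-key", "-k")
args = parser.parse_args()
api_key = args.api_key or os.environ.get("GEMINI_API_KEY")
cache_dir = os.getenv("HOME")
'''

SECRET_FLAG = re.compile(r"key|token|secret|password", re.I)

def _first_str(call):
    """First positional argument of a call, if it is a string literal."""
    a = call.args[0] if call.args else None
    return {a.value} if isinstance(a, ast.Constant) and isinstance(a.value, str) else set()

def env_vars_read(source):
    """Env var names read via os.environ.get(), os.getenv() or os.environ[...]."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            if ast.unparse(node.func) in ("os.environ.get", "os.getenv"):
                found |= _first_str(node)
        elif isinstance(node, ast.Subscript) and ast.unparse(node.value) == "os.environ":
            if isinstance(node.slice, ast.Constant) and isinstance(node.slice.value, str):
                found.add(node.slice.value)
    return found

def secret_flags(source):
    """argparse flags whose name suggests a credential (argv is visible in process listings)."""
    flags = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and ast.unparse(node.func).endswith(".add_argument"):
            flags.update(a.value for a in node.args
                         if isinstance(a, ast.Constant) and isinstance(a.value, str)
                         and a.value.startswith("-") and SECRET_FLAG.search(a.value))
    return flags

def undeclared_env(source, declared, ignore=frozenset({"HOME", "PATH"})):
    """Env vars the code reads that the manifest does not declare."""
    return env_vars_read(source) - set(declared) - ignore

if __name__ == "__main__":
    # An empty declared list mirrors the empty manifest fields reported above.
    print("undeclared env vars:", sorted(undeclared_env(SAMPLE_SCRIPT, [])))
    print("credential-like flags:", sorted(secret_flags(SAMPLE_SCRIPT)))
```

The check is static and needs Python 3.9 or later for `ast.unparse`; it only sees literal variable names, so names built at runtime are missed.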

Like a lobster shell, security has layers — review code before you run it.

latest vk9701meh6cmaj0bznc3hbemqed852ehs
72 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

Nano Banana Pro Image Generation & Editing

Generate new images or edit existing ones using Google's Nano Banana Pro API (Gemini 3 Pro Image).

Usage

Run the script using its absolute path (do NOT cd to the skill directory first):

Generate new image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "your image description" --filename "output-name.png" [--resolution 1K|2K|4K] [--api-key KEY]

Edit existing image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "editing instructions" --filename "output-name.png" --input-image "path/to/input.png" [--resolution 1K|2K|4K] [--api-key KEY]

Important: Always run from the user's current working directory so images are saved where the user is working, not in the skill directory.

Default Workflow (draft → iterate → final)

Goal: fast iteration without burning time on 4K until the prompt is correct.

  • Draft (1K): quick feedback loop
    • uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "<draft prompt>" --filename "yyyy-mm-dd-hh-mm-ss-draft.png" --resolution 1K
  • Iterate: adjust prompt in small diffs; keep filename new per run
    • If editing: keep the same --input-image for every iteration until you’re happy.
  • Final (4K): only when prompt is locked
    • uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "<final prompt>" --filename "yyyy-mm-dd-hh-mm-ss-final.png" --resolution 4K

Resolution Options

The Gemini 3 Pro Image API supports three resolutions (uppercase K required):

  • 1K (default) - ~1024px resolution
  • 2K - ~2048px resolution
  • 4K - ~4096px resolution

Map user requests to API parameters:

  • No mention of resolution → 1K
  • "low resolution", "1080", "1080p", "1K" → 1K
  • "2K", "2048", "normal", "medium resolution" → 2K
  • "high resolution", "high-res", "hi-res", "4K", "ultra" → 4K

API Key

The script checks for the API key in this order:

  1. --api-key argument (use if user provided key in chat)
  2. GEMINI_API_KEY environment variable

If neither is available, the script exits with an error message.

Preflight + Common Failures (fast fixes)

  • Preflight:

    • command -v uv (must exist)
    • test -n "$GEMINI_API_KEY" (or pass --api-key)
    • If editing: test -f "path/to/input.png"
  • Common failures:

    • Error: No API key provided. → set GEMINI_API_KEY or pass --api-key
    • Error loading input image: → wrong path / unreadable file; verify --input-image points to a real image
    • “quota/permission/403” style API errors → wrong key, no access, or quota exceeded; try a different key/account

Filename Generation

Generate filenames with the pattern: yyyy-mm-dd-hh-mm-ss-name.png

Format: {timestamp}-{descriptive-name}.png

  • Timestamp: Current date/time in format yyyy-mm-dd-hh-mm-ss (24-hour format)
  • Name: Descriptive lowercase text with hyphens
  • Keep the descriptive part concise (1-5 words typically)
  • Use context from user's prompt or conversation
  • If unclear, use random identifier (e.g., x9k2, a7b3)

Examples:

  • Prompt "A serene Japanese garden" → 2025-11-23-14-23-05-japanese-garden.png
  • Prompt "sunset over mountains" → 2025-11-23-15-30-12-sunset-mountains.png
  • Prompt "create an image of a robot" → 2025-11-23-16-45-33-robot.png
  • Unclear context → 2025-11-23-17-12-48-x9k2.png

Image Editing

When the user wants to modify an existing image:

  1. Check if they provide an image path or reference an image in the current directory
  2. Use --input-image parameter with the path to the image
  3. The prompt should contain editing instructions (e.g., "make the sky more dramatic", "remove the person", "change to cartoon style")
  4. Common editing tasks: add/remove elements, change style, adjust colors, blur background, etc.

Prompt Handling

For generation: Pass user's image description as-is to --prompt. Only rework if clearly insufficient.

For editing: Pass editing instructions in --prompt (e.g., "add a rainbow in the sky", "make it look like a watercolor painting")

Preserve user's creative intent in both cases.

Prompt Templates (high hit-rate)

Use templates when the user is vague or when edits must be precise.

  • Generation template:

    • “Create an image of: <subject>. Style: <style>. Composition: <camera/shot>. Lighting: <lighting>. Background: <background>. Color palette: <palette>. Avoid: <list>.”
  • Editing template (preserve everything else):

    • “Change ONLY: <single change>. Keep identical: subject, composition/crop, pose, lighting, color palette, background, text, and overall style. Do not add new objects. If text exists, keep it unchanged.”

Output

  • Saves PNG to current directory (or specified path if filename includes directory)
  • Script outputs the full path to the generated image
  • Do not read the image back - just inform the user of the saved path

Examples

Generate new image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "A serene Japanese garden with cherry blossoms" --filename "2025-11-23-14-23-05-japanese-garden.png" --resolution 4K

Edit existing image:

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "make the sky more dramatic with storm clouds" --filename "2025-11-23-14-25-30-dramatic-sky.png" --input-image "original-photo.jpg" --resolution 2K
