Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nano Banana Pro Enhanced

v1.0.1

Generate or edit images via Gemini 3 Pro Image (Nano Banana Pro).

by Choi Jiheon @steamb23

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for steamb23/nano-banana-pro-enhanced.

Install the skill "Nano Banana Pro Enhanced" (steamb23/nano-banana-pro-enhanced) from ClawHub.
Skill page: https://clawhub.ai/steamb23/nano-banana-pro-enhanced
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: GEMINI_API_KEY
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install steamb23/nano-banana-pro-enhanced

ClawHub CLI

npx clawhub@latest install nano-banana-pro-enhanced

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name, description, required binary (uv), and GEMINI_API_KEY align with an image-generation wrapper for Gemini. The bundled Python script and declared dependencies (google-genai, pillow) are coherent with the stated purpose. Minor mismatch: SKILL.md references setting keys in ~/.clawdbot/clawdbot.json, but the script itself only reads env var or cmdline arg for the API key.
! Instruction Scope
SKILL.md instructs agents to add an explicit contextual note ('why this image was requested') to a shared HEARTBEAT.md and suggests using cronjobs for timed checks — this asks the agent to create and persist human-readable context which may contain sensitive information. The script also persists pending batch job metadata to a filesystem path (memory/pending-batch-jobs.json). Writing persistent context and 'why' notes is outside pure image-generation and risks leaking user prompts and intent.
Install Mechanism
Install uses a Brew formula (uv) which is a standard package source for the declared runtime binary. The Python dependencies are declared in script comments (likely for uv to manage) but are not explicitly installed in the install spec; this is common with uv-managed scripts but the installer behavior should be confirmed.
Credentials
Only GEMINI_API_KEY is required as an env var (declared as primary credential), which is appropriate for a Gemini integration. The script will upload input images to Google's API for editing (client.files.upload), which is expected for an editing feature but should be explicit to users because local images are transmitted to an external service.
! Persistence & Privilege
The script writes pending batch job metadata to PENDING_JOBS_PATH computed as Path(__file__).resolve().parent.parent.parent.parent / 'memory' / 'pending-batch-jobs.json' — this climbs four directory levels and may create or modify files outside the skill package directory depending on where the skill is installed. Combined with SKILL.md asking agents to write HEARTBEAT.md and use cronjobs, this gives the skill a persistent footprint that can store user prompts and intent on disk.
What to consider before installing
What to check before installing:

  1) Confirm that you are comfortable with input images and (potentially sensitive) prompts being uploaded to Google's Gemini API — the script will call client.files.upload for edits.
  2) Inspect and, if needed, change PENDING_JOBS_PATH in scripts/generate_image.py so pending-batch-jobs.json is stored inside a controlled skill directory (not four levels up into an ambiguous filesystem location).
  3) Avoid following the SKILL.md advice to record detailed reasons for requests in HEARTBEAT.md (or ensure that file is in a private, ephemeral workspace) because it explicitly instructs the agent to persist human-readable context.
  4) If you do not want persistent background checks, do not schedule cronjobs suggested by the SKILL.md; instead perform manual batch checks.
  5) Verify how uv will install Python dependencies (google-genai, pillow) in your environment.

If these concerns are addressed (pending-jobs path constrained, HEARTBEAT.md guidance removed or limited), the skill would be coherent with its purpose; as-is, treat it with caution.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🍌 Clawdis
Bins: uv
Env: GEMINI_API_KEY
Primary env: GEMINI_API_KEY

Install

Install uv (brew)
Bins: uv
brew install uv
latest vk9779ww5gtrxwjmvez8kedy3en826bxt
370 downloads
0 stars
2 versions
Updated 20h ago
v1.0.1
MIT-0

Nano Banana Pro (Gemini 3 Pro Image)

Use the bundled script to generate or edit images.

Generate

uv run {baseDir}/scripts/generate_image.py --prompt "your image description" --filename "output.png" --resolution 1K --aspect-ratio 16:9

Edit

uv run {baseDir}/scripts/generate_image.py --prompt "edit instructions" --filename "output.png" --input-image "/path/in.png" --resolution 2K

Batch API (50% cheaper, non-blocking)

# Single image
uv run {baseDir}/scripts/generate_image.py --prompt "description" --filename "output.png" --batch

# Multiple images from JSON file
uv run {baseDir}/scripts/generate_image.py --batch-file .tmp/requests.json

# Check / retrieve result of a previous job
uv run {baseDir}/scripts/generate_image.py --batch-check "batches/abc123" --filename "output.png"

Batch file format (JSON array):

[
  {
    "prompt": "a cute cat",
    "filename": "cat.png",
    "resolution": "1K",
    "aspect_ratio": "16:9"
  },
  {
    "prompt": "a dog running",
    "filename": "dog.png",
    "resolution": "2K"
  }
]

Batch notes

  • --batch is always non-blocking: submits the job, prints BATCH_JOB: token, and exits immediately.
  • After submitting, add a temporary check list to HEARTBEAT.md. Include why this image was requested (context/intent), so it's clear even after a session reset.
    # Temporary Check List
    
    - **Nano Banana Batch job**: <why this image was requested>. Check `batches/abc123` for job result. When ready, retrieve and send to user with mediaUrl parameter. Remove this item after reporting the result.
    
  • If the user explicitly requests a timed check, use a cronjob instead of HEARTBEAT.md.
  • The script tracks pending jobs in memory/pending-batch-jobs.json. Created on batch submit, removed on --batch-check completion. Format: [{"job_name", "filename", "prompt", "created_at"}]. File is deleted when empty.

API key

  • GEMINI_API_KEY env var
  • Or set skills."nano-banana-pro".apiKey / skills."nano-banana-pro".env.GEMINI_API_KEY in ~/.clawdbot/clawdbot.json

Notes

  • Resolutions: 1K (default), 2K, 4K.
  • Aspect ratios: 1:1, 2:3, 3:2, 3:4, 4:3, 4:5, 5:4, 9:16, 16:9, 21:9. Generation only (ignored for editing).
  • Use timestamps in filenames: YYYYMMDD-hhmmss-name.png.
  • The script outputs the saved file path. To send images via messaging channels, use the mediaUrl parameter in your channel action (e.g., mediaUrl: "/absolute/path/to/output.png").
  • Do not read the image back; report the saved path and use it with mediaUrl to deliver the image to the user.
