Back to skill
Skillv1.0.1
VirusTotal security
Nano Banana Pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:00 AM
- Hash
- 42d41782d4c3c790e22e0eb26a444ea386e234cbdd75b9a57a10a55dab6ca98e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nano-banana-pro Version: 1.0.1 The `scripts/generate_image.py` script allows reading arbitrary local files specified via the `--input-image` argument using `PIL.Image.open()`. If the provided path points to a sensitive file (e.g., a screenshot of credentials, or a document containing PII) that PIL can successfully open, its content will be sent to the external Google Gemini API (`gemini-3-pro-image-preview`). While the stated purpose is image editing, this capability presents a significant data exfiltration risk if the agent is prompted to provide paths to sensitive files, even without explicit malicious intent from the skill developer.
- External report
- View on VirusTotal