nano-banana-v2-openrouter

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward OpenRouter image generation/editing tool, with ordinary privacy and file-write risks users should understand.

Install only if you are comfortable sending your prompts and any input images to OpenRouter/Gemini. Use OPENROUTER_API_KEY from your environment or a secret manager instead of pasting keys into chat or passing them on the command line, and use unique output filenames to avoid overwriting local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill advertises and requires environment access and performs networked API calls, but it does not declare corresponding permissions in the skill manifest/frontmatter. That creates a transparency and policy gap: operators may approve or run the skill without understanding that it can access secrets like OPENROUTER_API_KEY and send data off-host to OpenRouter.

Missing User Warnings

Severity: Low
Confidence: 77%
Finding: The skill instructs saving outputs into the user's current working directory and even allows specified paths via filename, but it does not warn about file creation or overwrite consequences. In practice this can lead to accidental clobbering of files or unexpected writes into sensitive project directories, especially when filenames are user-influenced.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The script sends the user’s prompt and, when provided, the full input image to OpenRouter, but it does not present any explicit warning or consent step about third-party data transmission. In a skill that may be used with sensitive images or private prompts, this creates a real privacy and compliance risk because users may unknowingly upload confidential content to an external service.

VirusTotal

64/64 vendors flagged this skill as clean.
