Gemini Image Generator

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-aligned for Gemini image generation, but it uses API credentials and sends prompts or selected images to the configured provider endpoint.

Install only if you trust the skill source, Python dependencies, and API endpoint. Use a dedicated Gemini API key, keep unrelated secrets out of shared .env files, and only provide images you are comfortable sending to the configured provider.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Credentials stored in those .env files become available to the image-generation process, even though the shown configuration only uses Gemini-related variables.

Why it was flagged

The script automatically loads .env files from workspace, global OpenClaw, and skill-local locations and imports all key/value pairs into the process environment.

Skill content

global_env = home / ".openclaw" / ".env" ... skill_env = skill_dir / ".env" ... os.environ[key] = value

Recommendation

Use a dedicated skill-local .env containing only the needed Gemini settings, and avoid placing unrelated secrets in shared .env files.

What this means

A provider or proxy endpoint can see the prompt and uploaded images, and an untrusted endpoint could log or retain them.

Why it was flagged

The script sends the configured API key plus prompts and any selected input images to the configured Gemini/OpenAI-compatible endpoint.

Skill content

url = f"{base_url}/chat/completions" ... "Authorization": f"Bearer {config['api_key']}" ... "image_url": {"url": f"data:image/png;base64,{b64}"}

Recommendation

Use a trusted API endpoint and avoid submitting private images or sensitive prompt content unless you accept that provider’s handling of the data.

What this means

Running the skill can depend on current package-index contents; a compromised or unexpectedly changed dependency could affect the local execution environment.

Why it was flagged

The uv script declares version ranges rather than pinned dependency versions, so runtime resolution may install newer package versions.

Skill content

# dependencies = [
#     "httpx>=0.27.0",
#     "pillow>=10.0.0",
#     "google-genai>=1.0.0",
# ]

Recommendation

Install from trusted sources, consider pinning or reviewing dependency versions in controlled environments, and avoid running installer snippets from sources you do not trust.