Nano Banana Pro

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it claims—generate or edit images with Google Gemini—but users should notice that it uses a Gemini API key, sends prompts/images to Google, and relies on runtime Python dependencies.

This skill is reasonable to use for Gemini-based image generation/editing. Before installing, confirm you are comfortable providing a Gemini API key, sending prompts or images to Google, and allowing the script to write image files in your working directory.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The user must provide or expose a Gemini API key for the skill to work.

Why it was flagged

The skill needs a Gemini API credential even though the registry metadata declares no required env vars or primary credential.

Skill content

The script checks for API key in this order:
1. `--api-key` argument ...
2. `GEMINI_API_KEY` environment variable

Recommendation

Use a dedicated, least-privileged Gemini API key if possible, prefer environment variables over pasting secrets into chat, and rotate the key if it is accidentally shared.

What this means

Prompts and any input images may be processed by the external Gemini service.

Why it was flagged

When editing, the script sends the local input image and prompt to Google's Gemini API; this is expected for image editing but can involve private visual content.

Skill content

contents = [input_image, args.prompt] ... response = client.models.generate_content(model="gemini-3.1-flash-image-preview", contents=contents,

Recommendation

Do not use sensitive or confidential images/prompts unless you are comfortable sending them to the Gemini API under your account and applicable data terms.

What this means

Running the skill may install or use newer versions of these Python packages than the author originally tested.

Why it was flagged

The script relies on runtime package resolution with broad lower-bound dependency versions and no lockfile in the provided artifacts.

Skill content

# dependencies = [
#     "google-genai>=1.0.0",
#     "pillow>=10.0.0",
# ]

Recommendation

If reproducibility matters, pin dependency versions or review the resolved packages before use.

What this means

A mistaken or overly broad filename path could create directories or overwrite an existing output file.

Why it was flagged

The script writes the generated image to a user-supplied path and creates parent directories, which is normal for an image generator but gives the command file-write capability.

Skill content

output_path = Path(args.filename)
output_path.parent.mkdir(parents=True, exist_ok=True)

Recommendation

Use simple filenames in the current working directory unless you intentionally want to save elsewhere.