Nano Banana Pro Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Media.io image-generation skill. Its external API use and API-key handling are expected, and they are disclosed well enough to give installation guidance.

Install only if you are comfortable giving the skill a Media.io API key, spending Media.io credits, and sending prompts or reference image URLs to Media.io. Use a revocable or dedicated API key if available, avoid confidential prompts or private image URLs, and consider pinning the `requests` dependency in a virtual environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation and examples show access to environment variables, file-based configuration, and outbound network calls, but the skill frontmatter does not declare corresponding permissions/capabilities. This weakens review and sandboxing assumptions because operators may approve the skill as lower-risk than it actually is, while it can still read secrets and communicate externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill is presented as a narrowly scoped image generator, but the implementation pattern uses a generic router over an external API definition file, which can expose additional Media.io operations beyond image generation. That mismatch is dangerous because users and reviewers may authorize the skill expecting limited behavior, while the skill can invoke broader APIs and potentially transmit more data or perform unintended account actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends user prompts and optional image URLs to a third-party API but does not disclose privacy or data-sharing implications. This is risky because prompts and referenced images may contain sensitive personal, proprietary, or regulated information, and users are not warned before that data leaves the local environment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation clearly describes sending API-key-authenticated requests, user credit queries, task identifiers, prompts, and image URLs to Media.io, but it provides no disclosure that user-provided content and metadata are transmitted to a third-party service. In an agent skill context, missing transparency around external data transfer can lead to unintended disclosure of sensitive prompts, images, and account-linked metadata.

External Transmission

Medium
Category
Data Exfiltration
Content
"description": "API to query user credits balance.",
    "api_header": "{\"list\": [{\"name\": \"X-API-KEY\", \"value\": \"API key to authorize requests\"}, {\"name\": \"Content-Type\", \"value\": \"application/json\"}], \"title\": \"Authorizations\", \"describe\": \"Add the following authorization information in the request header\"}",
    "api_body": "{\"title\": \"Request Body\", \"category\": [{\"list\": [], \"title\": \"Query Credits\", \"describe\": \"Request body to query user credits balance\"}]}",
    "api_request_demo": "{\"title\": \"Example Request\", \"request\": [{\"title\": \"Query User Credits\", \"language\": \"cURL\", \"code_example\": \"curl --request POST \\\\n  --url https://openapi.media.io/user/credits \\\\n  --header 'Content-Type: application/json' \\\\n  --header 'X-API-KEY: <api-key>' \\\\n  --data '{}'\"}]}",
    "api_response": "{\"list\": [{\"name\": \"code\", \"type\": \"integer\", \"describe\": \"Response status code, 0 indicates success\"}, {\"name\": \"msg\", \"type\": \"string\", \"describe\": \"Response message, empty string on success\"}, {\"name\": \"data\", \"type\": \"object\", \"describe\": \"Response data object\"}, {\"name\": \"credits\", \"type\": \"integer\", \"describe\": \"User credits balance, located within the data object\"}], \"title\": \"Response\", \"describe\": \"After the request is successfully processed, the server will return the following response\"}",
    "api_code_demo": "{\"list\": [{\"code\": \"0\", \"describe\": \"Success\"}, {\"code\": \"40001\", \"describe\": \"Invalid API key\"}, {\"code\": \"40002\", \"describe\": \"API key expired\"}], \"title\": \"Status Code\"}",
    "content": null,
Confidence
90% confidence
Finding
curl --request POST \\\\n --url https://openapi.media.io/user/credits \\\\n --header 'Content-Type: application/json' \\\\n --header 'X-API-KEY: <api-key>' \\\\n --data '{}'\"}]}", "api_respon

VirusTotal

65/65 vendors flagged this skill as clean.
