ClawHub

Nano Banana 2 Image Gen(基于API易代理站)

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill sends prompts and optional images to a disclosed APIYI/Gemini image endpoint, which matches its stated purpose, with no evidence of hidden persistence or destructive behavior.

Install only if you are comfortable sending your image prompts, any selected input images, and an APIYI bearer token to the APIYI-hosted Gemini image endpoint. Prefer the APIYI_API_KEY environment variable over passing keys on the command line, avoid using sensitive personal or confidential images, and verify the provider/model naming if that affects your data-handling requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to use environment variables and make outbound network requests, but no corresponding permissions are declared. This creates a transparency and policy-enforcement gap: users and hosts may not realize the skill can access secrets and transmit prompts or image data to a third-party service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill description says it uses a domestic NanoBanana2 proxy service and 'does not need external internet access', but the body states it uses Gemini 3.1 Flash image generation via https://api.apiyi.com/. This mismatch can mislead users about the true model, provider, and data flow, causing sensitive prompts or uploaded images to be sent to an unexpected third party.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The documentation claims NanoBanana2 in the manifest but later says the implementation is based on Gemini 3.1 Flash. In a skill that processes user prompts and local images, inaccurate model identification is security-relevant because it obscures the actual remote processor and undermines informed consent and auditing.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The script claims to use a NanoBanana2 image service, but the actual request is sent to a Gemini image model endpoint via a third-party proxy. This is a security-relevant mismatch because users may make trust and data-handling decisions based on the documented provider/model, while their prompts, API key, and uploaded images are actually transmitted to a different backend path than advertised.

External Transmission

Medium
Category
Data Exfiltration
Content
---
name: nano-banana-2-image-gen
description: 图片生成技能,当用户需要生成图片、视觉信息图、创建图像、编辑/修改/调整已有图片时使用此技能。基于中国的API易代理站(https://api.apiyi.com/)的NanoBanana2模型的图片生成服务,无需访问外网。支持14种宽高比的图片比例(`1:1`、`16:9`、`9:16`、`4:3`、`3:4`、`3:2`、`2:3`、`5:4`、`4:5`、`1:4`、`4:1`、`1:8`、`8:1`、`21:9`等)和3种分辨率(1K、2K、4K),支持文生图和图生图编辑。基于谷歌的NanoBanana2模型(快速模型),使用API易国内代理服务访问。
---

# 图片生成与编辑
Confidence
91% confidence
Finding
https://api.apiyi.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal