Skill v0.1.1

ClawScan security

Nano Banana 2 Image Gen (based on the API易 proxy site) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 26, 2026, 2:48 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the claimed image-generation capability, but registry metadata and SKILL.md/code disagree about required credentials and there are clear privacy implications (user images/prompts are uploaded to api.apiyi.com).
Guidance
Before installing or using this skill: (1) Be aware it WILL upload your prompt text and any input images (base64) to api.apiyi.com — do not provide sensitive images or prompts you don't want transmitted. (2) The skill requires an API key (APIYI_API_KEY or --api-key) but the registry metadata incorrectly listed no required env vars; expect to provide and protect that key. (3) Verify you trust api.apiyi.com and understand their privacy/retention policies. (4) If you need stronger guarantees (no external upload), do not use this skill. (5) Prefer running the provided scripts locally and inspect them (they are small and readable); confirm the API endpoint and key handling meet your policy before giving the key to the environment.
Findings
[NO_PRESCAN_FINDINGS] unexpected: Static pre-scan reported no injection signals. This is not proof of safety; the scripts contain network calls to api.apiyi.com, which are expected for the declared purpose.
[OUTBOUND_HTTP_TO_APIYI] expected: Both scripts POST to https://api.apiyi.com/v1beta/models/gemini-3.1-flash-image-preview:generateContent — this aligns with the skill's stated purpose (image generation via the API易 proxy).

Review Dimensions

Purpose & Capability
concern: The name/description (image generation via NanoBanana2 on api.apiyi.com) match the included scripts and instructions. However, the registry metadata lists no required environment variables or primary credential, while SKILL.md and both scripts clearly require an API key (APIYI_API_KEY or --api-key). That metadata mismatch is incoherent and could mislead users about what secrets they must provide.
Instruction Scope
note: SKILL.md and the scripts are consistent: they take a prompt and optional input images, base64-encode the images and POST a JSON payload to https://api.apiyi.com/...generateContent. The instructions do not attempt to read unrelated system paths or other credentials. Important operational behavior: user prompts and any input images (encoded as base64) are transmitted to an external API service — this is expected for an image-editing/generation skill but has privacy/security implications that are not emphasized in the registry metadata.
Install Mechanism
ok: No install spec or remote downloads are present; this is an instruction-only skill with included Python/Node scripts. Nothing in the files attempts to fetch or execute arbitrary third-party code during install.
Credentials
concern: The code requires an API key (APIYI_API_KEY or command-line -k) to call the api.apiyi.com service. The skill registry, however, declared 'Required env vars: none' and 'Primary credential: none' — that contradicts the actual need to supply a secret. The requested credential (a single API key) is proportional to the stated purpose, but the metadata omission is misleading.
Persistence & Privilege
ok: The skill does not request persistent presence (always: false). It does not modify other skills or system-wide settings. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal for skills; combined with the metadata mismatch, this raises no new privilege concerns beyond the usual caution about granting API keys.