Skill v1.0.0

VirusTotal security

Nano Banana Cut image generation and cutting, for short-video creation, addressing character consistency and story narration · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · Mar 25, 2026, 1:01 PM
Hash: 458d0bef8e93fbc1e674a3db1770c1ae7854a63e1a328bfe554fd0dc750880a2
Source: palm
Verdict: suspicious
Code Insight

Type: OpenClaw Skill
Name: nano-banana-cut
Version: 1.0.0

The skill bundle provides a functional AI image generation and processing tool, but contains significant security vulnerabilities. Specifically, the `serve_file` route in `server.py` is vulnerable to path traversal, potentially allowing arbitrary file reads from the host system by joining user-provided paths with the root directory. Additionally, the `open_folder` endpoint in `server.py` uses `os.startfile` on paths retrieved from the database without sufficient validation, and the configuration in `set.json` includes hardcoded local file paths specific to the developer's environment (e.g., `C:/Users/86137/Desktop/banana`). While these appear to be unintentional security flaws rather than deliberate malware, they pose a risk to the host environment.