NBP

Advisory. Audited by VirusTotal on Apr 18, 2026.

Overview

Type: OpenClaw Skill
Name: nanobananapro
Version: 1.0.0

The skill is a legitimate implementation for generating and editing images using Google's Gemini API. The Python script `scripts/generate_image.py` uses the official `google-genai` and `pillow` libraries to handle image processing and API communication, with no evidence of data exfiltration, unauthorized file access, or malicious execution. The instructions in `SKILL.md` are well-structured for an AI agent and do not contain any prompt-injection attacks or deceptive directives.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can consume quota or billable API usage for the Gemini account tied to the key.

Why it was flagged

The skill requires a Gemini API key to access Google's image API. This is purpose-aligned, but it is still delegated account/API authority and the registry metadata does not declare a primary credential.

Skill content
The script checks for the API key in this order:
1. `--api-key` argument ...
2. `GEMINI_API_KEY` environment variable
Recommendation

Prefer setting GEMINI_API_KEY in the environment rather than pasting keys into chat or command arguments, and use a key with only the access needed.

What this means

Private prompts or images provided for editing will leave the local machine and be processed by Google's API.

Why it was flagged

The prompt and, when editing, the selected input image are sent to Google's Gemini API. This provider data flow is expected for the stated purpose and is not hidden.

Skill content
response = client.models.generate_content(
    model="gemini-3-pro-image-preview",
    contents=contents,
Recommendation

Only use input images and prompts that you are comfortable sending to Google, and review the provider's data-use terms if the content is sensitive.

What this means

Future runs may use newer dependency versions than the reviewer saw, which can change behavior or introduce supply-chain risk.

Why it was flagged

The script relies on runtime Python packages with lower-bound version constraints rather than pinned versions. This is common for uv scripts but means resolved package versions can change over time.

Skill content
# dependencies = [
#     "google-genai>=1.0.0",
#     "pillow>=10.0.0",
# ]
Recommendation

Pin dependency versions or use a lockfile if reproducibility is important; users should install from trusted package indexes.

What this means

Users may have less certainty about which package/version/source they are reviewing or installing.

Why it was flagged

The included metadata differs from the supplied registry metadata, which lists a different owner ID, slug, and version. This is a provenance inconsistency, not evidence of malicious behavior.

Skill content
  "ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26",
  "slug": "nano-banana-pro",
  "version": "1.0.1"
Recommendation

Verify the package identity and installed path before use, especially because this skill handles an API key.