Skill v1.0.0

VirusTotal security

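Use Nano Banana Pro (Gemini 3 Pro Image) to generate or edit images through the third-party relay API site 清云EchoFlow API. Supports image generation, image editing, and multi-image composition (up to 14 images). Use when the user asks to generate an image, create an image, edit an image, or combine images. Keywords: image generation, picture generation, generate pictures, AI painting, Nano Banana Pro, Gemini, Gemini 3 Pro Image. · External malware reputation and Code Insight signals for this exact artifact hash.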

Scanner verdict

Review
Mar 28, 2026, 3:22 PM
Hash
e3dce44f20d63b95c3e9f22a4ff723cdb2da7379b8793d5b082ff8aa091f9a4a
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: echoflow-banana-gen
Version: 1.0.0

The skill is classified as suspicious primarily due to high-risk credential handling in 'scripts/generate_image.py'. The script automatically attempts to collect 'OPENAI_API_KEY' or 'GEMINI_API_KEY' from the environment and sends them to a third-party API gateway (api.echoflow.cn) by default if the specific 'ECHOFLOW_API_KEY' is missing. This behavior risks leaking sensitive credentials to an unintended third-party service. Additionally, the script performs unvalidated HTTP GET requests on any URL returned by the model response, which could be leveraged for SSRF or downloading malicious payloads if the upstream API is compromised.