使用Nano Banana Pro(Gemini 3 Pro Image)通过第三方中转API站清云EchoFlow API生成或编辑图像。支持图像生成、图像编辑和多图像合成(最多14张图像)。当用户请求生成图像、创建图像、编辑图像或组合图像时使用。关键词:图像生成、图片生成、生成图片、AI绘画、Nano Banana Pro、Gemini、Gemini 3 Pro Image。
Analysis
This appears to be a coherent image-generation skill, but using it sends prompts, optional input images, and an EchoFlow API key to a third-party API.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
uv runtime — runs the bundled Python script with auto-managed dependencies ... httpx>=0.25.0, pillow>=10.0.0
The skill relies on uv to run the bundled script and resolve Python packages using version ranges. This is purpose-aligned but depends on external package resolution.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
return os.environ.get("ECHOFLOW_API_KEY") ... "Authorization": f"Bearer {api_key}"The script uses the EchoFlow API key as a bearer credential for image requests. This is expected for the integration and is disclosed, but it is still credential access.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
"image_url": {"url": f"data:image/png;base64,{b64_data}"} ... response = httpx.post(f"{args.api_base}/chat/completions", headers=headers, json=request_body, timeout=120.0)When editing or composing images, the script base64-encodes user-specified images and sends them, along with the prompt, to the configured EchoFlow API endpoint.