corespeed-nanobanana

Pass. Audited by ClawScan on May 1, 2026.

Overview

This looks like a normal Gemini image/text generation skill, but users should be aware that it sends prompts and images to a configured Corespeed/Gemini gateway and installs Python dependencies on first run.

Before installing, confirm you trust the Corespeed gateway URL and API token configuration, and avoid sending private images or sensitive prompts unless that provider's handling is acceptable to you.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing the skill should understand it can spend or use the configured gateway account according to that token's permissions.

Why it was flagged

The script uses an environment-provided API token to authenticate to the configured Corespeed/Gemini gateway, which is expected for this service integration.

Skill content

api_token = os.environ.get("CS_AI_GATEWAY_API_TOKEN", "")
...
return genai.Client(
    api_key=api_token,
    http_options=types.HttpOptions(base_url=f"{base_url.rstrip('/')}/google-ai-studio"),
)

Recommendation

Use a dedicated, least-privilege API token if available, keep it out of shared logs, and verify the configured gateway URL before use.

What this means

Prompts and any selected images leave the local machine and are processed by the configured Corespeed/Gemini service.

Why it was flagged

User-selected input files and prompts are packaged into Gemini request parts and sent to the configured external gateway.

Skill content

data = fpath.read_bytes()
...
parts.append(types.Part.from_bytes(data=data, mime_type=mime))
...
response = client.models.generate_content(
    model=model,
    contents=types.Content(role="user", parts=parts),
    ...
)

Recommendation

Only provide images and prompts you are comfortable sending to that service, and review the provider's data-handling policy for sensitive content.

What this means

The first run can download and execute dependency versions from the Python package ecosystem, which may change over time.

Why it was flagged

The script declares runtime Python dependencies with minimum versions, so uv may fetch package code outside the reviewed artifacts on first run.

Skill content

# dependencies = [
#     "google-genai>=1.0.0",
#     "typer>=0.12.0",
# ]

Recommendation

Install from trusted package indexes and consider pinning or locking dependency versions in higher-assurance environments.