Nano Banana Pro Image Generation & Editing

Name: nano-banana-pro
Author: steipete

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

70High

Unsanitized user input enables command injection, path

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Nano Banana Pro Image Generation & Editing: Generate new images or edit existing ones using Google's Nano Banana Pro API (Gemini 3 Pro Image).

Actually does

This skill executes a Python script via `uv run` to interact with the Google Nano Banana Pro API (Gemini 3 Pro Image). It takes a text prompt, an optional input image file, and an API key (from argument or `GEMINI_API_KEY` env var). It saves the generated or edited image as a PNG file to the user's current working directory.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namesteipete/nano-banana-pro

Registryclawhub

Version1.0.1

PURLpkg:clawhub/steipete/nano-banana-pro@1.0.1

Stars338

Downloads86,131

Installs1,764

Source

Repository ↗

SHA-2564ea88f4b0e95...

SHA-14d6731a128bf...

MD5eb0735f717c3...

TLSH1ec1d8216c44...

ssdeep96:UE4RpBfXp...

Size5,701 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/steipete/nano-banana-pro

86,131 downloads1,764 installs

ClawHubDocs

openclaw skills install steipete/nano-banana-pro

Assessments (1)

AI Agent Traps ↗

Command execution with user-controlled pathshighcommand execution

The skill executes a Python script via `uv run` with arguments (`--filename`, `--input-image`) that are derived from user input. Without proper sanitization within the `generate_image.py` script, this could lead to path traversal for arbitrary file writes/reads or command injection.

90% confidenceline 13

uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "..." --filename "output-name.png" --input-image "path/to/input.png"

Reconnaissance via file existence checkmediumreconnaissance

The preflight check `test -f "path/to/input.png"` allows checking for the existence of arbitrary files on the system if the `path/to/input.png` argument is fully user-controlled.

80% confidenceline 64

test -f \"path/to/input.png\"

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/nano-banana-pro.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/steipete/nano-banana-pro)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/steipete/nano-banana-pro"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/nano-banana-pro.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/nano-banana-pro.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow