Trust Assessment
nano-banana-pro received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. The key findings are Arbitrary File Read via Input/Reference Images and Arbitrary File Write via Output Filename.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary File Read via Input/Reference Images. The `generate_image.py` script allows reading arbitrary files from the filesystem by accepting user-controlled paths for `--input-image` and `--reference-image` arguments. A malicious actor could exploit this to exfiltrate sensitive data (e.g., `/etc/passwd`, SSH keys, configuration files) by providing paths to system files or other user data. The `PILImage.open()` function will attempt to open any path provided, potentially leading to data leakage. Remediation: Implement strict path validation to ensure that `--input-image` and `--reference-image` paths are restricted to a designated, sandboxed directory (e.g., a temporary directory or a user-specific upload directory). Avoid allowing absolute paths or paths that traverse outside a safe base directory. Consider using a file picker or upload mechanism instead of direct path input if possible. | LLM | scripts/generate_image.py:109 |
| CRITICAL | Arbitrary File Write via Output Filename. The `generate_image.py` script allows writing to arbitrary locations on the filesystem by accepting a user-controlled path for the `--filename` argument. The script uses `Path(args.filename)` and `output_path.parent.mkdir(parents=True, exist_ok=True)`, which can create directories and write files anywhere the process has permissions. A malicious actor could exploit this to overwrite critical system files (if permissions allow), write malicious content to web server directories, or fill up disk space, leading to denial of service or system compromise. Remediation: Implement strict path validation for the `--filename` argument. Restrict output file paths to a designated, sandboxed directory (e.g., a temporary directory or a user-specific output directory). Prevent the use of absolute paths or paths that traverse outside a safe base directory. Ensure that the skill only writes to locations explicitly intended for user output. | LLM | scripts/generate_image.py:99 |