Security Audit

nano-banana-pro

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

nano-banana-pro received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Command Injection via Remote Script Execution, Untrusted Software Source for Windows Installation.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

70%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

2 findings

Dynamic Code

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution.	Static	skills/sakaen736jih/nano-banana-pro-c16jff/SKILL.md:10
CRITICAL	Obfuscated Command Injection via Remote Script Execution The MacOS installation instructions include a base64-encoded command that, when decoded, downloads and executes a script from an arbitrary, non-HTTPS IP address (91.92.242.30) directly into a bash shell. This allows for arbitrary code execution, bypassing security checks, and poses a severe supply chain risk. The downloaded script could contain malware, exfiltrate data, or compromise the user's system. Remove the base64-encoded command. Provide a clear, auditable, and secure installation method, preferably from a trusted package manager or a signed executable. If a script must be downloaded, ensure it's from a trusted source over HTTPS and ideally reviewed before execution.	LLM	SKILL.md:13
HIGH	Untrusted Software Source for Windows Installation The Windows installation instructions direct users to download a package from a personal GitHub user account (`syazema`) rather than the official `OpenClawProvider` organization or a verified release channel. This introduces a supply chain risk, as the integrity and security of the downloaded software cannot be guaranteed, and the repository could be compromised or contain malicious code. Provide a download link from an official, verified source for OpenClawProvider, ideally from the OpenClaw organization's GitHub releases or a dedicated, secure distribution platform.	LLM	SKILL.md:9

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/2b0d64378f8760b3.svg)](https://skillshield.io/report/2b0d64378f8760b3)