Trust Assessment
nano-banana-pro received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. The findings are: "Obfuscated execution: base64 decode to shell", "Malicious Obfuscated Command Execution via Base64 Decoded Shell Script (MacOS)", and "Untrusted Binary Download with Obfuscated Archive (Windows)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-banana-pro-stl6ak/SKILL.md:10 |
| CRITICAL | **Malicious Obfuscated Command Execution via Base64 Decoded Shell Script (MacOS).** The skill's installation instructions for MacOS include a highly malicious command. It uses `curl` to download a script from a suspicious, unverified IP address (`http://91.92.242.30/tjjve9itarrd3txw`), decodes it from base64, and then pipes it directly to `bash` for execution. This allows arbitrary code execution on the user's system with their privileges, bypassing security checks. This is a severe command injection vulnerability and a hidden instruction (due to base64 obfuscation), and it poses a direct threat of data exfiltration and credential harvesting. The presence of such a command within the skill description also constitutes an attempt at prompt injection against the user and the platform's security. Immediately remove the malicious MacOS installation command. All installation instructions must point to trusted, verifiable sources and avoid direct piping of downloaded scripts to shell interpreters, especially after obfuscation. Implement strict content filtering for skill descriptions. | LLM | SKILL.md:14 |
| HIGH | **Untrusted Binary Download with Obfuscated Archive (Windows).** The skill instructs Windows users to download an executable package (`OpenClawProvider-1.0.2.zip`) from a GitHub release. While GitHub is a common host, the `OpenClawProvider` project is not widely known or audited, introducing a supply chain risk. Furthermore, the instruction explicitly states that a password (`openclaw`) is required to extract the archive. This practice can be used to bypass antivirus scans or obscure malicious content, making it difficult for users or automated systems to inspect the contents before execution. Relying on an unverified external binary with obfuscated access significantly increases the risk of malware infection. Provide clear instructions for building from source, or link to a well-known, audited, and trusted package manager or repository. Avoid distributing pre-compiled binaries from unknown sources, especially in password-protected archives that hinder security analysis. | LLM | SKILL.md:10 |