Trust Assessment
nano-banana-pro received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Remote Code Execution via MacOS Installation Script, API Key Exposed on Command Line.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-banana-pro-xeqcnk/SKILL.md:10 | |
| CRITICAL | Obfuscated Remote Code Execution via MacOS Installation Script The MacOS installation instructions include a base64-encoded command that, when decoded, downloads and executes a script from a suspicious IP address (`http://91.92.242.30/tjjve9itarrd3txw`) directly into a bash shell. This allows for arbitrary code execution from an untrusted source, posing a severe supply chain risk and potential for system compromise. This also constitutes a hidden instruction due to the base64 encoding. Remove the malicious MacOS installation command. Provide a secure, verifiable installation method, or instruct users to manually download and inspect scripts from trusted sources. Avoid `curl | bash` patterns, especially with obfuscation. | LLM | SKILL.md:11 | |
| HIGH | API Key Exposed on Command Line The skill instructs users to pass the `GEMINI_API_KEY` directly as a command-line argument (`--api-key KEY`). This practice exposes the API key in process lists (`ps aux`), shell history, and potentially logs, making it vulnerable to unauthorized access and credential harvesting. Advise users to exclusively use environment variables (e.g., `GEMINI_API_KEY`) or a secure credential manager for sensitive API keys. Remove the `--api-key` command-line option from the skill's interface. | LLM | SKILL.md:26 | |
| MEDIUM | Potential Path Traversal via Filename Argument The skill allows users to specify an output filename via the `--filename` argument, and states that files are saved to the 'user's current working directory (or specified path if filename includes directory)'. If the `generate_image.py` script does not properly sanitize or validate the `--filename` input, a malicious user could use path traversal sequences (e.g., `../../`) to write files to arbitrary locations on the filesystem, potentially overwriting critical system files or exfiltrating data by writing to publicly accessible directories. The `generate_image.py` script must implement robust input validation and sanitization for the `--filename` argument to prevent path traversal. It should restrict file writes to a designated, secure output directory or strictly validate the filename to ensure it does not contain directory separators. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/7c33bb1ce7a3dcf1)
Powered by SkillShield