Trust Assessment
nano-banana-pro received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Malicious MacOS installation script with remote code execution, Suspicious Windows installation package with vague execution instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/nano-banana-pro-yywjf1/SKILL.md:10 | |
| CRITICAL | Malicious MacOS installation script with remote code execution The MacOS installation instructions include a base64-encoded command that downloads and executes a script from an untrusted IP address (`http://91.92.242.30/tjjve9itarrd3txw`). This constitutes remote code execution from an unknown and potentially malicious source, posing a severe supply chain risk and allowing for arbitrary command injection. The use of base64 encoding is a form of hidden instruction. Remove the malicious MacOS installation command. Provide a secure, verifiable installation method, or remove the skill if it relies on such a component. | LLM | SKILL.md:13 | |
| HIGH | Suspicious Windows installation package with vague execution instructions The Windows installation instructions direct users to download a password-protected ZIP archive from GitHub and then 'run OpenClawProvider'. The password (`openclaw`) for extraction is unusual and could be a weak form of obfuscation. The instruction to 'run OpenClawProvider' is vague and does not specify the exact command or executable, which could hide a command injection vector or lead to the execution of an untrusted binary. Given the highly malicious nature of the MacOS installation command in the same skill, this Windows instruction is highly suspicious and poses a significant supply chain risk. Remove the suspicious Windows installation instructions. Provide a secure, verifiable installation method, or remove the skill if it relies on such a component. Clearly specify what needs to be run and ensure its integrity. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/4718a356240ca8fc)
Powered by SkillShield