📦
Historial de auditorías
nano-banana-blockrun - 6 auditorías
Versión de auditoría 6
Más reciente Riesgo altoJun 28, 2026, 03:55 PM
Static critical heuristics are not confirmed as malicious, and no prompt injection attempt was found. However, the skill requires a wallet private key, loads .env files, signs paid x402 requests, and uses network calls through a third-party SDK. This is high risk for a community marketplace skill and should not be published without stronger review and user warnings.
4
Archivos escaneados
471
Líneas analizadas
14
hallazgos
codex
Auditado por
Problemas de riesgo alto (2)
Wallet Private Key Required for Payment Signing
The skill instructs users to place a private wallet key in .env or BLOCKRUN_WALLET_KEY, then passes that key into the BlockRun ImageClient. This is a true positive for credential access because compromise or misuse of this value can authorize crypto payments.
Network Payment Flow Uses Third-Party SDK and Signatures
The skill sends generation requests to BlockRun and documents that a payment signature is sent to the server. This is a true positive for network plus credential-adjacent behavior because the workflow spends USDC through signed x402 requests.
Problemas de riesgo medio (3)
Multiple .env Files Are Loaded from Variable Locations
The script loads .env from the requested output directory, current working directory, and skill directory before reading BLOCKRUN_WALLET_KEY. This can unintentionally select a wallet key from a directory chosen by the caller.
Generated Files Are Written to Caller-Controlled Paths
The script writes decoded PNG bytes into output_dir using predictable filenames. This is legitimate image generation behavior, but it can overwrite existing generated_image files in the selected directory.
Broad Python and Pip Execution Permissions
The skill metadata allows Bash execution for python, python3, pip, and pip3. This is expected for a script-based skill, but it increases risk because the skill can install packages and execute local Python code.
Problemas de riesgo bajo (4)
Markdown Code Fences Misclassified as Ruby Backticks
The external command findings in README.md and SKILL.md largely point to Markdown fenced examples for installation and usage. They are documentation examples, not Ruby backtick execution in code.
Apache License Text Misclassified as Weak Cryptography
The weak cryptography findings in LICENSE and SKILL.md do not identify cryptographic implementation code. The LICENSE lines are standard Apache License text, and SKILL.md only names the Nano Banana product.
Documented URLs Are Expected Network References
Hardcoded URL findings point to documentation links for Base, BlockRun, PyPI, x402, and the Apache License. These references are expected for setup and attribution.
Base64 Decode Used for Image Output
The base64 decode finding is used to save data:image PNG results returned by the image generation API. This appears to be normal handling of image data, not obfuscation.
Factores de riesgo
⚡ Contiene scripts (1)
🌐 Acceso a red (13)
⚙️ Comandos externos (25)
README.md:19-21 README.md:21-26 README.md:26-28 README.md:28-36 README.md:36-42 README.md:42-45 README.md:45-47 README.md:47-60 README.md:60-66 README.md:66-69 README.md:69-72 README.md:72-86 README.md:86-87 README.md:87-88 README.md:88-105 SKILL.md:15-17 SKILL.md:17-25 SKILL.md:25-31 SKILL.md:31-38 SKILL.md:38-44 SKILL.md:44-47 SKILL.md:47-55 SKILL.md:55-61 SKILL.md:61-62 SKILL.md:62-63
📁 Acceso al sistema de archivos (3)
🔑 Variables de entorno (12)
Patrones detectados
Credential Access Combined with Paid Network RequestsEnvironment Loading from User-Influenced Directory
Versión de auditoría 5
Riesgo medioJan 16, 2026, 06:58 PM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
5
Archivos escaneados
735
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
Factores de riesgo
🌐 Acceso a red (13)
⚙️ Comandos externos (25)
README.md:19-21 README.md:21-26 README.md:26-28 README.md:28-36 README.md:36-42 README.md:42-45 README.md:45-47 README.md:47-60 README.md:60-66 README.md:66-69 README.md:69-72 README.md:72-86 README.md:86-87 README.md:87-88 README.md:88-105 SKILL.md:15-17 SKILL.md:17-25 SKILL.md:25-31 SKILL.md:31-38 SKILL.md:38-44 SKILL.md:44-47 SKILL.md:47-55 SKILL.md:55-61 SKILL.md:61-62 SKILL.md:62-63
📁 Acceso al sistema de archivos (3)
🔑 Variables de entorno (12)
Patrones detectados
Hardcoded URLWeak cryptographic algorithmRuby/shell backtick executionHidden file in home directoryHidden file accessEnvironment file accessCrypto seed/private key mentionPython file write/appendPython environment accessdotenv libraryPython dotenv loaderGeneric API/secret keysPython base64 decode[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] DANGEROUS COMBINATION: Network + Credentials + Evasion techniques[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network
Versión de auditoría 4
Riesgo medioJan 16, 2026, 06:58 PM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
5
Archivos escaneados
735
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
Factores de riesgo
🌐 Acceso a red (13)
⚙️ Comandos externos (25)
README.md:19-21 README.md:21-26 README.md:26-28 README.md:28-36 README.md:36-42 README.md:42-45 README.md:45-47 README.md:47-60 README.md:60-66 README.md:66-69 README.md:69-72 README.md:72-86 README.md:86-87 README.md:87-88 README.md:88-105 SKILL.md:15-17 SKILL.md:17-25 SKILL.md:25-31 SKILL.md:31-38 SKILL.md:38-44 SKILL.md:44-47 SKILL.md:47-55 SKILL.md:55-61 SKILL.md:61-62 SKILL.md:62-63
📁 Acceso al sistema de archivos (3)
🔑 Variables de entorno (12)
Patrones detectados
Hardcoded URLWeak cryptographic algorithmRuby/shell backtick executionHidden file in home directoryHidden file accessEnvironment file accessCrypto seed/private key mentionPython file write/appendPython environment accessdotenv libraryPython dotenv loaderGeneric API/secret keysPython base64 decode[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] DANGEROUS COMBINATION: Network + Credentials + Evasion techniques[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network
Versión de auditoría 3
Riesgo bajoJan 10, 2026, 11:30 AM
Legitimate image generation skill using x402 micropayments. Private keys are used only for local EIP-712 signing with signatures transmitted, not keys. No obfuscation or exfiltration patterns detected.
6
Archivos escaneados
479
Líneas analizadas
5
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
Factores de riesgo
⚡ Contiene scripts (1)
🌐 Acceso a red (2)
📁 Acceso al sistema de archivos (1)
🔑 Variables de entorno (1)
⚙️ Comandos externos (1)
Versión de auditoría 2
Riesgo bajoJan 10, 2026, 11:30 AM
Legitimate image generation skill using x402 micropayments. Private keys are used only for local EIP-712 signing with signatures transmitted, not keys. No obfuscation or exfiltration patterns detected.
6
Archivos escaneados
479
Líneas analizadas
5
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
Factores de riesgo
⚡ Contiene scripts (1)
🌐 Acceso a red (2)
📁 Acceso al sistema de archivos (1)
🔑 Variables de entorno (1)
⚙️ Comandos externos (1)
Versión de auditoría 1
Riesgo bajoJan 10, 2026, 11:30 AM
Legitimate image generation skill using x402 micropayments. Private keys are used only for local EIP-712 signing with signatures transmitted, not keys. No obfuscation or exfiltration patterns detected.
6
Archivos escaneados
479
Líneas analizadas
5
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad