
Audit history

nano-banana-blockrun - 6 audits

Audit version 6

Latest - High risk

Jun 28, 2026, 03:55 PM

Static critical heuristics are not confirmed as malicious, and no prompt injection attempt was found. However, the skill requires a wallet private key, loads .env files, signs paid x402 requests, and uses network calls through a third-party SDK. This is high risk for a community marketplace skill and should not be published without stronger review and user warnings.

Files scanned: 4
Lines analyzed: 471
Findings: 14
Auditor: codex

High-risk issues (2)

Wallet Private Key Required for Payment Signing
The skill instructs users to place a private wallet key in .env or BLOCKRUN_WALLET_KEY, then passes that key into the BlockRun ImageClient. This is a true positive for credential access because compromise or misuse of this value can authorize crypto payments.
Network Payment Flow Uses Third-Party SDK and Signatures
The skill sends generation requests to BlockRun and documents that a payment signature is sent to the server. This is a true positive for network plus credential-adjacent behavior because the workflow spends USDC through signed x402 requests.
Medium-risk issues (3)
Multiple .env Files Are Loaded from Variable Locations
The script loads .env from the requested output directory, current working directory, and skill directory before reading BLOCKRUN_WALLET_KEY. This can unintentionally select a wallet key from a directory chosen by the caller.
Generated Files Are Written to Caller-Controlled Paths
The script writes decoded PNG bytes into output_dir using predictable filenames. This is legitimate image generation behavior, but it can overwrite existing generated_image files in the selected directory.
Broad Python and Pip Execution Permissions
The skill metadata allows Bash execution for python, python3, pip, and pip3. This is expected for a script-based skill, but it increases risk because the skill can install packages and execute local Python code.
Low-risk issues (4)
Markdown Code Fences Misclassified as Ruby Backticks
The external command findings in README.md and SKILL.md largely point to Markdown fenced examples for installation and usage. They are documentation examples, not Ruby backtick execution in code.
Apache License Text Misclassified as Weak Cryptography
The weak cryptography findings in LICENSE and SKILL.md do not identify cryptographic implementation code. The LICENSE lines are standard Apache License text, and SKILL.md only names the Nano Banana product.
Documented URLs Are Expected Network References
Hardcoded URL findings point to documentation links for Base, BlockRun, PyPI, x402, and the Apache License. These references are expected for setup and attribution.
Base64 Decode Used for Image Output
The base64 decode finding is used to save data:image PNG results returned by the image generation API. This appears to be normal handling of image data, not obfuscation.

Detected patterns

Credential Access Combined with Paid Network Requests
Environment Loading from User-Influenced Directory

Audit version 5

Medium risk

Jan 16, 2026, 06:58 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 5
Lines analyzed: 735
Findings: 4
Auditor: claude
No security issues found

Detected patterns

Hardcoded URL
Weak cryptographic algorithm
Ruby/shell backtick execution
Hidden file in home directory
Hidden file access
Environment file access
Crypto seed/private key mention
Python file write/append
Python environment access
dotenv library
Python dotenv loader
Generic API/secret keys
Python base64 decode
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] DANGEROUS COMBINATION: Network + Credentials + Evasion techniques
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 4

Medium risk

Jan 16, 2026, 06:58 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 5
Lines analyzed: 735
Findings: 4
Auditor: claude
No security issues found

Detected patterns

Hardcoded URL
Weak cryptographic algorithm
Ruby/shell backtick execution
Hidden file in home directory
Hidden file access
Environment file access
Crypto seed/private key mention
Python file write/append
Python environment access
dotenv library
Python dotenv loader
Generic API/secret keys
Python base64 decode
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] DANGEROUS COMBINATION: Network + Credentials + Evasion techniques
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 3

Low risk

Jan 10, 2026, 11:30 AM

Legitimate image generation skill using x402 micropayments. Private keys are used only for local EIP-712 signing with signatures transmitted, not keys. No obfuscation or exfiltration patterns detected.

Files scanned: 6
Lines analyzed: 479
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚡ Contains scripts (1)
🌐 Network access (2)
📁 Filesystem access (1)
🔑 Environment variables (1)
⚙️ External commands (1)

Audit version 2

Low risk

Jan 10, 2026, 11:30 AM

Legitimate image generation skill using x402 micropayments. Private keys are used only for local EIP-712 signing with signatures transmitted, not keys. No obfuscation or exfiltration patterns detected.

Files scanned: 6
Lines analyzed: 479
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚡ Contains scripts (1)
🌐 Network access (2)
📁 Filesystem access (1)
🔑 Environment variables (1)
⚙️ External commands (1)

Audit version 1

Low risk

Jan 10, 2026, 11:30 AM

Legitimate image generation skill using x402 micropayments. Private keys are used only for local EIP-712 signing with signatures transmitted, not keys. No obfuscation or exfiltration patterns detected.

Files scanned: 6
Lines analyzed: 479
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚡ Contains scripts (1)
🌐 Network access (2)
📁 Filesystem access (1)
🔑 Environment variables (1)
⚙️ External commands (1)