스킬 nanobanana 감사 이력
📦

감사 이력

nanobanana - 2 감사

감사 버전 2

최신 중간 위험

Jun 28, 2026, 01:39 PM

Static analysis reported many severe patterns, but manual review shows no confirmed malicious intent and no prompt injection attempts. The main real risks are expected for this skill type: environment API key access, external Gemini API calls, local image file reads for edit and restore, automatic dependency bootstrap, and a documented pipe-to-shell uv installer command.

7
스캔된 파일
809
분석된 줄 수
11
발견 사항
codex
감사자
중간 위험 문제 (3)
scripts/nanobanana.py:55-68scripts/nanobanana.py:162-169scripts/nanobanana.py:217-221
External Gemini API Use With Environment API Key
The skill intentionally reads Gemini API keys from environment variables and sends prompts, and sometimes image bytes, to the Gemini API. This is expected for image generation, but users must understand that prompt and image content leave the local machine.
scripts/nanobanana.py:36-43scripts/nanobanana.py:96-107scripts/nanobanana.py:162-169
Local Image File Reads Can Upload User Files
The edit and restore flows resolve image filenames from the current directory, common subdirectories, Downloads, Desktop, or absolute paths, then read the file bytes for the model request. This is legitimate for image editing but can expose local image contents if a user selects the wrong file.
README.md:20-24SKILL.md:9-14scripts/nanobanana.py:1-4
Supply Chain Exposure From Installer and Runtime Dependency Bootstrap
The README recommends installing uv through a downloaded shell script, and the skill script relies on uv inline metadata to provision google-genai automatically. This is not malicious, but it adds supply chain trust requirements outside the skill repository.
낮은 위험 문제 (3)
scripts/nanobanana.py:110-119
Subprocess Preview Command Is Constrained
Static analysis flagged subprocess.Popen, but the command is selected from fixed platform preview commands and receives the generated path as a separate argument. I did not find evidence of shell=True or user-controlled command construction.
README.md:13-24references/prompt_recipes.md:5-13references/troubleshooting.md:17-33SKILL.md:20-30
Markdown Command and Weak Crypto Alerts Are Mostly False Positives
Many Ruby backtick, weak cryptography, hidden home file, and hardcoded URL alerts are markdown examples, model names, prompt placeholders, or documentation paths. I did not find evidence that these markdown lines perform code execution or cryptographic operations at runtime.
scripts/nanobanana.py:132-153scripts/nanobanana.py:156-159
Base64 Decode Handles Gemini Image Response Data
The base64 decode finding appears to be a safe response parsing pattern. It decodes inline image data returned by the Gemini SDK and writes the resulting bytes as image files.

위험 요인

⚡ 스크립트 포함 (2)
scripts/nanobanana.py:1-4 scripts/nanobanana.py:377-449
🌐 네트워크 접근 (4)
scripts/nanobanana.py:24-25 scripts/nanobanana.py:67-68 scripts/nanobanana.py:162-169 README.md:37
📁 파일 시스템 접근 (4)
scripts/nanobanana.py:36-43 scripts/nanobanana.py:81-93 scripts/nanobanana.py:96-107 scripts/nanobanana.py:156-159
🔑 환경 변수 (4)
scripts/nanobanana.py:29-34 scripts/nanobanana.py:55-68 scripts/nanobanana.py:71-72 README.md:61-69
⚙️ 외부 명령어 (3)
README.md:20-24 scripts/nanobanana.py:110-119 SKILL.md:34-38

감지된 패턴

External Gemini API Use With Environment API KeyLocal Image File Reads Can Upload User FilesSupply Chain Exposure From Installer and Runtime Dependency BootstrapSubprocess Preview Command Is Constrained

감사 버전 1

안전

May 4, 2026, 09:53 AM

Static analysis detected 216 potential issues but manual evaluation confirms all are false positives. The skill is a legitimate image generation tool using Google's Gemini API. Network calls go exclusively to Google's official API endpoints. Environment variable access is standard API key configuration. Subprocess usage is limited to safe desktop integration (image preview). Base64 decoding handles image data from API responses. No credential exfiltration, data leakage, or malicious behavior detected.

10
스캔된 파일
846
분석된 줄 수
0
발견 사항
claude
감사자
보안 문제가 발견되지 않았습니다
← 스킬로 돌아가기