Security: High Risk
Quality: Watch · 62
Install: manual only
Audit version: audit-standard-v2
Source metrics come from upstream registries/repositories. Platform metrics come from user actions on SkillTrust and are protected by dedupe/rate-limit anti-abuse rules.
Generate/edit images with Nano Banana Pro (Gemini 3 Pro Image). Use for image create/modify requests incl. edits. Supports text-to-image + image-to-image; 1K/2K/4K; use --input-image.

The skill appears to implement an image-generation tool for Gemini as described, but the registry metadata omits required items (an API key and the 'uv' runner) and there are small inconsistencies that you should resolve before trusting it.

This skill's behavior (calling Google GenAI and saving PNGs) matches its description, but the registry metadata omits two important requirements:
• The Python script requires a Gemini API key (GEMINI_API_KEY or --api-key). The skill metadata should declare this; verify you are comfortable providing such a key and that it is scoped/ephemeral if possible.
• The SKILL.md instructs running the script with the 'uv' runner, but the registry lists no required binaries. Confirm you have a trustworthy 'uv' binary and understand how it runs the script.

Before installing or using the skill:
• Ask the publisher for a homepage/source and request corrected metadata that lists GEMINI_API_KEY and the 'uv' runtime requirement.
• Inspect or run the script in a sandboxed environment first. The code is short and readable, but it will send prompts and any provided input images to the Google GenAI client and will create files in the current working directory.
• Avoid exposing highly privileged credentials. Prefer passing a limited-scope or ephemeral API key via the --api-key argument rather than relying on long-lived environment variables when possible.
• Ensure required Python dependencies (google-genai, pillow) are installed from official sources before running.

Given the metadata omissions, treat this as suspicious until the origin and declared requirements are clarified.
• Add explicit When to Use / Guidelines sections.
• Provide at least one concrete input-output example.
• Publish versioned changelog and update cadence.
• Document compatibility and breaking-change policy.
• Expand capability limits and boundary conditions.
Is this a security certification?
No. SkillTrust audit is advisory and should be combined with your own review controls.
Can I install directly from this page?
No one-click install is provided. Use command guidance and run in your controlled environment.
Imported from ClawHub public listing.
Official source did not expose a direct install command.
Install method: instruction-only
Quick preflight
Read source docs and verify prerequisites manually.
Audit score 60 / 100. Risk guidance is advisory only; review evidence before install.
• Add troubleshooting and FAQ for common failures.
• Improve discoverability through verified source channels.
• Publish usage examples to increase activation quality.
• Reduce shell/file/network scope and document least privilege.
• Expose explicit provenance, dependency pinning, and security notes.
• Provide structured install + rollback steps for each supported agent.
• Mark official/verified status and keep metadata timestamps fresh.
Moderately fresh; review release notes before install.
Audit guidance: 60 / 100 · high
Scores with similar values can still differ in confidence; use evidence and risk lines below for final install judgment.
Risk 60 · Δ +0 · Findings 5
Apr 3, 2026 · auto
Latest high risk result from audit-standard-v2.