← Back to Skills Marketplace

Nano Banana Openrouter

Name: Nano Banana Openrouter
Author: fyi0329-pixel

by fyi0329-pixel · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

621

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install nano-banana-openrouter

Description

Generate images with Google's Nano Banana Gemini 2.5 Flash Image model via OpenRouter API using text prompts.

Usage Guidance

Do not install or run this skill as-is. At minimum: (1) Remove the test file containing the hard-coded API key (test-gen.mjs) and rotate any exposed key immediately; treat it as compromised. (2) Remove or reduce embedded large base64 blobs (output.json) from the package (store examples elsewhere). (3) Update the skill metadata to declare required environment variables (OPENROUTER_API_KEY) so installers know a credential is needed. (4) Prefer removing test/demo network calls from the distributed bundle. (5) Verify the npm package sources (npmmirror entries) if you will npm install — use trusted registries. After these fixes, re-audit and only then consider installing. If you already used the exposed key anywhere, rotate it now.

Capability Analysis

Type: OpenClaw Skill Name: nano-banana-openrouter Version: 1.0.0 The skill is classified as suspicious due to several vulnerabilities. The `index.ts` file directly concatenates user-provided `prompt` and `aspectRatio` into an external LLM API call, posing a prompt injection risk against the *external LLM* (not the OpenClaw agent) which could lead to unintended content generation or resource misuse. Additionally, the `test-gen.mjs` file hardcodes an API key, a significant security flaw that risks credential exposure. The `tsconfig.json` also disables strict type checking, indicating a potential for less robust code.

Capability Assessment

⚠ Purpose & Capability

Name/description claim image generation via OpenRouter, which matches the code that POSTs to https://openrouter.ai. However metadata declares no required env vars, while SKILL.md and index.ts both expect OPENROUTER_API_KEY (with GEMINI_API_KEY as a fallback). The manifest/metadata omission is an incoherence that hides the need for credentials.

⚠ Instruction Scope

SKILL.md usage and model choices are scoped to image generation. But the repository includes extra runtime/test files that broaden scope: test-gen.mjs contains a network call with a hard-coded API key, save-img.mjs reads output.json and writes files, and output.json contains a very large base64 image. Those artifacts increase risk (credential leakage, accidental execution, and large embedded binary data) beyond the SKILL.md instructions.

ℹ Install Mechanism

No formal install spec (instruction-only) which is low-risk. The package.json/package-lock present indicate node-fetch is a dependency — reasonable for fetch-based code. package-lock references the 'npmmirror.com' registry mirror instead of the default npm registry; atypical but not automatically malicious.

⚠ Credentials

The skill requires an OpenRouter API key to operate (SKILL.md explicitly asks to set OPENROUTER_API_KEY and index.ts reads it), but the registered requirements list none — mismatch. Worse: test-gen.mjs contains a hard-coded API key literal (sk-or-v1-46da90…); including a plaintext credential in the bundle is a serious security issue and indicates either careless handling of secrets or leaked credentials.

✓ Persistence & Privilege

No 'always: true' or persistent privileged behavior. SKILL.md asks the user to add the key to openclaw.json (normal for service integrations). The skill does not request system-wide config changes or modify other skills.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install nano-banana-openrouter
After installation, invoke the skill by name or use /nano-banana-openrouter
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release for Nano Banana OpenRouter Skill: - Generate images using Google’s Nano Banana (Gemini 2.5 Flash Image) models with OpenRouter API. - Simple API key configuration via `openclaw.json` or `OPENROUTER_API_KEY` environment variable. - Includes tool: `nano_banana_generate` for easy image creation. - Supports both free and high-quality image models. - Handles necessary OpenRouter headers and image modality automatically.

Metadata

Slug nano-banana-openrouter

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Nano Banana Openrouter?

Generate images with Google's Nano Banana Gemini 2.5 Flash Image model via OpenRouter API using text prompts. It is an AI Agent Skill for Claude Code / OpenClaw, with 621 downloads so far.

How do I install Nano Banana Openrouter?

Run "/install nano-banana-openrouter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Nano Banana Openrouter free?

Yes, Nano Banana Openrouter is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Nano Banana Openrouter support?

Nano Banana Openrouter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Nano Banana Openrouter?

It is built and maintained by fyi0329-pixel (@fyi0329-pixel); the current version is v1.0.0.

More Skills