← Back to Skills Marketplace
Nano Banana Pro Enhanced
by
Choi Jiheon
· GitHub ↗
· v1.0.1
396
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install nano-banana-pro-enhanced
Description
Generate or edit images via Gemini 3 Pro Image (Nano Banana Pro).
Usage Guidance
What to check before installing: 1) Confirm that you are comfortable with input images and (potentially sensitive) prompts being uploaded to Google's Gemini API — the script will call client.files.upload for edits. 2) Inspect and, if needed, change PENDING_JOBS_PATH in scripts/generate_image.py so pending-batch-jobs.json is stored inside a controlled skill directory (not four levels up into an ambiguous filesystem location). 3) Avoid following the SKILL.md advice to record detailed reasons for requests in HEARTBEAT.md (or ensure that file is in a private, ephemeral workspace) because it explicitly instructs the agent to persist human-readable context. 4) If you do not want persistent background checks, do not schedule cronjobs suggested by the SKILL.md; instead perform manual batch checks. 5) Verify how uv will install Python dependencies (google-genai, pillow) in your environment. If these concerns are addressed (pending-jobs path constrained, HEARTBEAT.md guidance removed or limited), the skill would be coherent with its purpose; as-is, treat it with caution.
Capability Analysis
Type: OpenClaw Skill
Name: nano-banana-pro-enhanced
Version: 1.0.1
The skill is suspicious due to multiple critical vulnerabilities. The `SKILL.md` contains prompt injection vectors, instructing the agent to write user-provided context into `HEARTBEAT.md` and to create cronjobs based on user requests, which could lead to arbitrary command execution or agent manipulation. Additionally, the `scripts/generate_image.py` script is vulnerable to path traversal via the `--filename`, `--batch-file`, and `--input-image` arguments, allowing for arbitrary file writes and reads outside the skill's intended directory.
Capability Assessment
Purpose & Capability
Name, description, required binary (uv), and GEMINI_API_KEY align with an image-generation wrapper for Gemini. The bundled Python script and declared dependencies (google-genai, pillow) are coherent with the stated purpose. Minor mismatch: SKILL.md references setting keys in ~/.clawdbot/clawdbot.json, but the script itself only reads env var or cmdline arg for the API key.
Instruction Scope
SKILL.md instructs agents to add an explicit contextual note ('why this image was requested') to a shared HEARTBEAT.md and suggests using cronjobs for timed checks — this asks the agent to create and persist human-readable context which may contain sensitive information. The script also persists pending batch job metadata to a filesystem path (memory/pending-batch-jobs.json). Writing persistent context and 'why' notes is outside pure image-generation and risks leaking user prompts and intent.
Install Mechanism
Install uses a Brew formula (uv) which is a standard package source for the declared runtime binary. The Python dependencies are declared in script comments (likely for uv to manage) but are not explicitly installed in the install spec; this is common with uv-managed scripts but the installer behavior should be confirmed.
Credentials
Only GEMINI_API_KEY is required as an env var (declared as primary credential), which is appropriate for a Gemini integration. The script will upload input images to Google's API for editing (client.files.upload), which is expected for an editing feature but should be explicit to users because local images are transmitted to an external service.
Persistence & Privilege
The script writes pending batch job metadata to PENDING_JOBS_PATH computed as Path(__file__).resolve().parent.parent.parent.parent / 'memory' / 'pending-batch-jobs.json' — this climbs four directory levels and may create or modify files outside the skill package directory depending on where the skill is installed. Combined with SKILL.md asking agents to write HEARTBEAT.md and use cronjobs, this gives the skill a persistent footprint that can store user prompts and intent on disk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nano-banana-pro-enhanced - After installation, invoke the skill by name or use
/nano-banana-pro-enhanced - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Clarified batch job checklist: now requires including the reason/context for the image request in HEARTBEAT.md, so intent is clear after session resets.
- No code or logic changes; documentation update only.
v1.0.0
Based on the existing Nano Banana Pro skill, I've updated it to support submitting aspect ratio and placement commands.
- Initial release of Nano Banana Pro Enhanced: Image generation and editing using Gemini 3 Pro.
- Supports both single and batch image creation, with detailed CLI instructions.
- Introduces non-blocking batch processing and job tracking via JSON files.
- Adds support for multiple resolutions (1K, 2K, 4K) and a range of aspect ratios for generation.
- Authentication via GEMINI_API_KEY environment variable.
- Provides guidelines for media delivery and batch job monitoring.
Metadata
Frequently Asked Questions
What is Nano Banana Pro Enhanced?
Generate or edit images via Gemini 3 Pro Image (Nano Banana Pro). It is an AI Agent Skill for Claude Code / OpenClaw, with 396 downloads so far.
How do I install Nano Banana Pro Enhanced?
Run "/install nano-banana-pro-enhanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nano Banana Pro Enhanced free?
Yes, Nano Banana Pro Enhanced is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Nano Banana Pro Enhanced support?
Nano Banana Pro Enhanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nano Banana Pro Enhanced?
It is built and maintained by Choi Jiheon (@steamb23); the current version is v1.0.1.
More Skills