← Back to Skills Marketplace
Nanobanana Skill
by
Pengfei Ni
· GitHub ↗
· v0.1.0
997
Downloads
1
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install nanobanana-skill
Description
Generate or edit images using Google Gemini API via nanobanana. Triggers: "nanobanana", "generate image", "create image", "edit image", "AI drawing", "图片生成",...
Usage Guidance
This skill appears to implement an image-generation wrapper for Google Gemini, but the registry metadata failed to declare the required GEMINI_API_KEY. Before installing: (1) confirm the GEMINI_API_KEY requirement is added to the skill metadata or that you understand you must set it in ~/.nanobanana.env or your environment; (2) only use a dedicated API key with restricted quota/permissions; (3) review the included nanobanana.py yourself — it will read local input image files and write output images and uses the google-genai client; (4) install dependencies in a controlled environment (virtualenv) rather than system-wide; and (5) be cautious because the skill author/source is unknown and there is no homepage — prefer skills from known publishers or require the author to fix the metadata mismatch before trusting automatic invocation.
Capability Analysis
Type: OpenClaw Skill
Name: nanobanana-skill
Version: 0.1.0
The skill is classified as suspicious due to a significant prompt injection vulnerability identified in `SKILL.md`. The instructions guide the AI agent to construct `bash` commands by directly embedding user-provided input (e.g., for `--prompt`, `--output`, `--input`) without explicit sanitization or escaping. This allows a malicious user to inject arbitrary shell commands, potentially leading to remote code execution and data exfiltration (e.g., of the `GEMINI_API_KEY` from `~/.nanobanana.env`), especially given the `allowed-tools` permission `Bash(python3:*)`.
Capability Assessment
Purpose & Capability
The skill's code and SKILL.md both implement image generation/editing against Google Gemini, which matches the name/description. However the registry metadata lists no required environment variables while SKILL.md and the script require GEMINI_API_KEY (loaded from ~/.nanobanana.env or env). That metadata omission is an incoherence.
Instruction Scope
Runtime instructions are focused: collect a prompt/inputs, run the included nanobanana.py, and return the saved image path. The script only reads GEMINI_API_KEY (from env/dotenv) and local input files, and writes the output image; it does not reference unrelated system credentials or external endpoints beyond the Google GenAI client.
Install Mechanism
There is no install spec (instruction-only skill) and requirements.txt is standard. The SKILL.md suggests using pip to install listed packages; nothing is downloaded from untrusted URLs and there is no archive extraction.
Credentials
Only GEMINI_API_KEY is needed and that is appropriate for a Gemini client. The concern is that the registry metadata does not declare this required credential, so users may not be warned. The script reads dotenv from ~/.nanobanana.env which could contain secrets — expected for this purpose but should be clearly documented in the skill metadata.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config changes, and only writes output image files. It does not modify other skills or agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nanobanana-skill - After installation, invoke the skill by name or use
/nanobanana-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of nanobanana-skill:
- Adds integration with Google Gemini API for image generation and editing via the nanobanana tool.
- Supports user-defined prompts, aspect ratios, resolutions, and model selection.
- Provides command-line workflow for both generation and editing of images, including support for multiple input and output options.
- Includes setup instructions, supported parameter values, sample usage commands, error troubleshooting, and best practice tips.
Metadata
Frequently Asked Questions
What is Nanobanana Skill?
Generate or edit images using Google Gemini API via nanobanana. Triggers: "nanobanana", "generate image", "create image", "edit image", "AI drawing", "图片生成",... It is an AI Agent Skill for Claude Code / OpenClaw, with 997 downloads so far.
How do I install Nanobanana Skill?
Run "/install nanobanana-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nanobanana Skill free?
Yes, Nanobanana Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Nanobanana Skill support?
Nanobanana Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nanobanana Skill?
It is built and maintained by Pengfei Ni (@feiskyer); the current version is v0.1.0.
More Skills