← 返回 Skills 市场

Nano Banana Image T8

Name: Nano Banana Image T8
Author: flywhale-666

作者 flywhale · GitHub ↗ · v0.1.5 · MIT-0

cross-platform ⚠ suspicious

550

总下载

当前安装

版本数

在 OpenClaw 中安装

/install nano-banana-image-t8

功能描述

通过Nano Banana API完成文本生成图像和图像编辑，支持上传图片和自定义尺寸比例的生图测试和联调。

安全使用建议

This skill is mostly coherent with its stated purpose but contains a few things to review before installing or using it with real credentials: - The script will save any provided API key to ~/.whaleclaw/credentials/nano_banana_api_key.txt (mode 600). If you allow the skill to store a key, be prepared to rotate it if you later uninstall the skill. - The script follows image URLs returned by the API and performs HTTP GET on them. If the http client includes your Authorization header when fetching those URLs, your API key could be leaked to whatever host is referenced in the response (third-party CDN or an internal IP). Ask the maintainer or inspect/patch the script so that requests to image URLs do not include the Authorization header (or validate/whitelist hosts before fetching). - SKILL.md forbids changing the base URL but the script accepts a --base-url argument; decide whether you trust the script caller to adhere to the policy. An attacker or misconfiguration could point --base-url to a different host. - The script's internal default model string (e.g., gemini-3.1-flash-image-preview) differs from the external display names in the SKILL.md. That is likely benign but worth noting if you care about model-identifiers being revealed. - Registry metadata lists no required env vars but the skill expects an API key param mapped to NANO_BANANA_API_KEY — this metadata mismatch may affect automated tooling. Confirm how your agent platform will surface the API key prompt and where the key will be stored. If you decide to use it: inspect the script (or request a change) so that (1) when fetching image URLs it strips Authorization and other sensitive headers, (2) it validates/whitelists hosts for external fetches, and (3) behavior around default model display vs internal identifiers is explicit. If you cannot inspect or modify the script, consider using a throwaway/limited-scope API key.

功能分析

Type: OpenClaw Skill Name: nano-banana-image-t8 Version: 0.1.5 The skill bundle provides a legitimate interface for image generation and editing via the Nano Banana API (ai.t8star.cn). The included Python script (test_nano_banana_2.py) manages API keys and user preferences by storing them in the user's home directory with appropriate file permissions (chmod 600). The instructions in SKILL.md are detailed and include specific privacy safeguards, such as instructing the AI agent to only capture API keys when explicitly used for this service and to avoid scanning unrelated files. No evidence of data exfiltration, unauthorized execution, or malicious intent was found.

能力评估

ℹ Purpose & Capability

Name/description, SKILL.md, and the included script all point to an image-generation/test helper for a Nano Banana API — that is coherent. However, registry metadata says no required env vars while SKILL.md enforces an API key parameter (and the script expects an API key), which is an inconsistency. Also SKILL.md insists the base URL is fixed to https://ai.t8star.cn, but the script exposes a --base-url option (inconsistent).

⚠ Instruction Scope

SKILL.md instructs the agent to use the included script and to only capture and save API keys in tightly constrained situations — which is consistent with the script's behavior. The script, however, will fetch arbitrary URLs returned in the API response (client.get(url_value)). If those URLs point to third-party or internal hosts, the script performs HTTP requests to them, which is broader network activity than 'just calling the API' and can lead to data leakage or SSRF-like risks.

✓ Install Mechanism

No install spec; this is instruction-only with a bundled script. Nothing is downloaded or executed from external installers during install, which is low risk.

⚠ Credentials

Requesting and persisting a single API key is reasonable for this task. But registry metadata claiming no required env vars conflicts with SKILL.md's param guard that requires an API Key (and maps it to env var NANO_BANANA_API_KEY). The script writes the API key to ~/.whaleclaw/credentials/nano_banana_api_key.txt (permission 600) which is expected, but the code also uses an http client to fetch arbitrary image URLs returned by the API — if that client forwards the Authorization header when fetching those URLs it could leak the saved API key to third-party/internal hosts.

ℹ Persistence & Privilege

The skill persists the API key and an optionally saved default model under the user's home directory (~/.whaleclaw). always: false, and it does not request system-wide changes or modify other skills. Persisting user API keys is expected behavior for a client tool, but the user should be aware keys are stored on disk.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install nano-banana-image-t8
安装完成后，直接呼叫该 Skill 的名称或使用 /nano-banana-image-t8 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.5

nano-banana-image-t8 v0.1.5 - Documentation updated in SKILL.md to improve clarity and instructions. - No changes to triggers, parameters, or core instructions—content refined for accuracy and consistency.

v0.1.3

- No code or configuration changes in this version. - No user-facing updates or behavior changes.

v1.0.3

No code or logic changes detected in this release. - Version bumped to 1.0.3 with no content or configuration changes. - No impact on features, user experience, or behavior.

v1.0.2

No user-visible changes in this version.

v1.0.1

- 增加“香蕉2”和“香蕉pro”作为外显模型名，隐藏底层模型标识，支持模型切换与默认模型持久化。 - 支持通过脚本参数持久化保存或查询默认模型，新增相关指令和文件落盘机制。 - 优化触发词，更明确支持中英文“香蕉/banana”关键词。 - 优化参数收集与确认流程，容量不足时不重复追问尺寸/比例，模型与 key 都能自动使用已保存值。 - 明确约定模型切换、参数追问与错误提示时的用户交互风格，减少无关解释，提升对话效率。

v0.1.0

Initial release of nano-banana-image-t8 skill. - Supports validation of Nano Banana image generation (文生图) and image editing (图生图) via command-line script integration. - Provides parameterized prompts for API Key, prompt text, output size/ratio, and image inputs where required. - Enforces secure API Key handling and restricts usage to the intended scenarios. - All API calls use the fixed base URL https://ai.t8star.cn. - Focuses on concise response and automation, suitable for real user end-to-end testing.

v1.0.0

Initial release of the Nano Banana image testing skill. - Supports both text-to-image and image-to-image testing for the `nano-banana-2` model. - Collects required parameters (API Key, prompt, and images) directly from user input, with API Key safely stored for reuse. - Enforces execution via provided scripts; backend script auto-detects mode and performs real API calls. - Ensures compliance with fixed API endpoint and blocks unsupported interactions or alternate endpoints. - Streamlines user prompts and parameter collection, avoiding unnecessary queries. - Returns concise results or structured errors, improving troubleshooting and user experience.

元数据

Slug nano-banana-image-t8

版本 0.1.5

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 7

常见问题

Nano Banana Image T8 是什么？

通过Nano Banana API完成文本生成图像和图像编辑，支持上传图片和自定义尺寸比例的生图测试和联调。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 550 次。

如何安装 Nano Banana Image T8？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nano-banana-image-t8」即可一键安装，无需额外配置。

Nano Banana Image T8 是免费的吗？

是的，Nano Banana Image T8 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Nano Banana Image T8 支持哪些平台？

Nano Banana Image T8 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Nano Banana Image T8？

由 flywhale（@flywhale-666）开发并维护，当前版本 v0.1.5。