← 返回 Skills 市场
fyi0329-pixel

Nano Banana Openrouter

作者 fyi0329-pixel · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
621
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install nano-banana-openrouter
功能描述
Generate images with Google's Nano Banana Gemini 2.5 Flash Image model via OpenRouter API using text prompts.
安全使用建议
Do not install or run this skill as-is. At minimum: (1) Remove the test file containing the hard-coded API key (test-gen.mjs) and rotate any exposed key immediately; treat it as compromised. (2) Remove or reduce embedded large base64 blobs (output.json) from the package (store examples elsewhere). (3) Update the skill metadata to declare required environment variables (OPENROUTER_API_KEY) so installers know a credential is needed. (4) Prefer removing test/demo network calls from the distributed bundle. (5) Verify the npm package sources (npmmirror entries) if you will npm install — use trusted registries. After these fixes, re-audit and only then consider installing. If you already used the exposed key anywhere, rotate it now.
功能分析
Type: OpenClaw Skill Name: nano-banana-openrouter Version: 1.0.0 The skill is classified as suspicious due to several vulnerabilities. The `index.ts` file directly concatenates user-provided `prompt` and `aspectRatio` into an external LLM API call, posing a prompt injection risk against the *external LLM* (not the OpenClaw agent) which could lead to unintended content generation or resource misuse. Additionally, the `test-gen.mjs` file hardcodes an API key, a significant security flaw that risks credential exposure. The `tsconfig.json` also disables strict type checking, indicating a potential for less robust code.
能力评估
Purpose & Capability
Name/description claim image generation via OpenRouter, which matches the code that POSTs to https://openrouter.ai. However metadata declares no required env vars, while SKILL.md and index.ts both expect OPENROUTER_API_KEY (with GEMINI_API_KEY as a fallback). The manifest/metadata omission is an incoherence that hides the need for credentials.
Instruction Scope
SKILL.md usage and model choices are scoped to image generation. But the repository includes extra runtime/test files that broaden scope: test-gen.mjs contains a network call with a hard-coded API key, save-img.mjs reads output.json and writes files, and output.json contains a very large base64 image. Those artifacts increase risk (credential leakage, accidental execution, and large embedded binary data) beyond the SKILL.md instructions.
Install Mechanism
No formal install spec (instruction-only) which is low-risk. The package.json/package-lock present indicate node-fetch is a dependency — reasonable for fetch-based code. package-lock references the 'npmmirror.com' registry mirror instead of the default npm registry; atypical but not automatically malicious.
Credentials
The skill requires an OpenRouter API key to operate (SKILL.md explicitly asks to set OPENROUTER_API_KEY and index.ts reads it), but the registered requirements list none — mismatch. Worse: test-gen.mjs contains a hard-coded API key literal (sk-or-v1-46da90…); including a plaintext credential in the bundle is a serious security issue and indicates either careless handling of secrets or leaked credentials.
Persistence & Privilege
No 'always: true' or persistent privileged behavior. SKILL.md asks the user to add the key to openclaw.json (normal for service integrations). The skill does not request system-wide config changes or modify other skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nano-banana-openrouter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nano-banana-openrouter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release for Nano Banana OpenRouter Skill: - Generate images using Google’s Nano Banana (Gemini 2.5 Flash Image) models with OpenRouter API. - Simple API key configuration via `openclaw.json` or `OPENROUTER_API_KEY` environment variable. - Includes tool: `nano_banana_generate` for easy image creation. - Supports both free and high-quality image models. - Handles necessary OpenRouter headers and image modality automatically.
元数据
Slug nano-banana-openrouter
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Nano Banana Openrouter 是什么?

Generate images with Google's Nano Banana Gemini 2.5 Flash Image model via OpenRouter API using text prompts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 621 次。

如何安装 Nano Banana Openrouter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nano-banana-openrouter」即可一键安装,无需额外配置。

Nano Banana Openrouter 是免费的吗?

是的,Nano Banana Openrouter 完全免费(开源免费),可自由下载、安装和使用。

Nano Banana Openrouter 支持哪些平台?

Nano Banana Openrouter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Nano Banana Openrouter?

由 fyi0329-pixel(@fyi0329-pixel)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论