← 返回 Skills 市场
Nano Banana Pro Enhanced
作者
Choi Jiheon
· GitHub ↗
· v1.0.1
396
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install nano-banana-pro-enhanced
功能描述
Generate or edit images via Gemini 3 Pro Image (Nano Banana Pro).
安全使用建议
What to check before installing: 1) Confirm that you are comfortable with input images and (potentially sensitive) prompts being uploaded to Google's Gemini API — the script will call client.files.upload for edits. 2) Inspect and, if needed, change PENDING_JOBS_PATH in scripts/generate_image.py so pending-batch-jobs.json is stored inside a controlled skill directory (not four levels up into an ambiguous filesystem location). 3) Avoid following the SKILL.md advice to record detailed reasons for requests in HEARTBEAT.md (or ensure that file is in a private, ephemeral workspace) because it explicitly instructs the agent to persist human-readable context. 4) If you do not want persistent background checks, do not schedule cronjobs suggested by the SKILL.md; instead perform manual batch checks. 5) Verify how uv will install Python dependencies (google-genai, pillow) in your environment. If these concerns are addressed (pending-jobs path constrained, HEARTBEAT.md guidance removed or limited), the skill would be coherent with its purpose; as-is, treat it with caution.
功能分析
Type: OpenClaw Skill
Name: nano-banana-pro-enhanced
Version: 1.0.1
The skill is suspicious due to multiple critical vulnerabilities. The `SKILL.md` contains prompt injection vectors, instructing the agent to write user-provided context into `HEARTBEAT.md` and to create cronjobs based on user requests, which could lead to arbitrary command execution or agent manipulation. Additionally, the `scripts/generate_image.py` script is vulnerable to path traversal via the `--filename`, `--batch-file`, and `--input-image` arguments, allowing for arbitrary file writes and reads outside the skill's intended directory.
能力评估
Purpose & Capability
Name, description, required binary (uv), and GEMINI_API_KEY align with an image-generation wrapper for Gemini. The bundled Python script and declared dependencies (google-genai, pillow) are coherent with the stated purpose. Minor mismatch: SKILL.md references setting keys in ~/.clawdbot/clawdbot.json, but the script itself only reads env var or cmdline arg for the API key.
Instruction Scope
SKILL.md instructs agents to add an explicit contextual note ('why this image was requested') to a shared HEARTBEAT.md and suggests using cronjobs for timed checks — this asks the agent to create and persist human-readable context which may contain sensitive information. The script also persists pending batch job metadata to a filesystem path (memory/pending-batch-jobs.json). Writing persistent context and 'why' notes is outside pure image-generation and risks leaking user prompts and intent.
Install Mechanism
Install uses a Brew formula (uv) which is a standard package source for the declared runtime binary. The Python dependencies are declared in script comments (likely for uv to manage) but are not explicitly installed in the install spec; this is common with uv-managed scripts but the installer behavior should be confirmed.
Credentials
Only GEMINI_API_KEY is required as an env var (declared as primary credential), which is appropriate for a Gemini integration. The script will upload input images to Google's API for editing (client.files.upload), which is expected for an editing feature but should be explicit to users because local images are transmitted to an external service.
Persistence & Privilege
The script writes pending batch job metadata to PENDING_JOBS_PATH computed as Path(__file__).resolve().parent.parent.parent.parent / 'memory' / 'pending-batch-jobs.json' — this climbs four directory levels and may create or modify files outside the skill package directory depending on where the skill is installed. Combined with SKILL.md asking agents to write HEARTBEAT.md and use cronjobs, this gives the skill a persistent footprint that can store user prompts and intent on disk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nano-banana-pro-enhanced - 安装完成后,直接呼叫该 Skill 的名称或使用
/nano-banana-pro-enhanced触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Clarified batch job checklist: now requires including the reason/context for the image request in HEARTBEAT.md, so intent is clear after session resets.
- No code or logic changes; documentation update only.
v1.0.0
Based on the existing Nano Banana Pro skill, I've updated it to support submitting aspect ratio and placement commands.
- Initial release of Nano Banana Pro Enhanced: Image generation and editing using Gemini 3 Pro.
- Supports both single and batch image creation, with detailed CLI instructions.
- Introduces non-blocking batch processing and job tracking via JSON files.
- Adds support for multiple resolutions (1K, 2K, 4K) and a range of aspect ratios for generation.
- Authentication via GEMINI_API_KEY environment variable.
- Provides guidelines for media delivery and batch job monitoring.
元数据
常见问题
Nano Banana Pro Enhanced 是什么?
Generate or edit images via Gemini 3 Pro Image (Nano Banana Pro). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 396 次。
如何安装 Nano Banana Pro Enhanced?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nano-banana-pro-enhanced」即可一键安装,无需额外配置。
Nano Banana Pro Enhanced 是免费的吗?
是的,Nano Banana Pro Enhanced 完全免费(开源免费),可自由下载、安装和使用。
Nano Banana Pro Enhanced 支持哪些平台?
Nano Banana Pro Enhanced 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nano Banana Pro Enhanced?
由 Choi Jiheon(@steamb23)开发并维护,当前版本 v1.0.1。
推荐 Skills