← 返回 Skills 市场
moxunjinmu

Nanobanana

作者 莫循 · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
255
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install nanobanana
功能描述
Nano Banana 2 Pro AI 图像生成工具。当用户提到"生图"、"生成图片"、"AI画图"、"nano banana"、"nanobanana"、或需要调用 Nano Banana API 生成/编辑图片时触发。支持文本生成图片、图片编辑(以图生图)、多模态对话。
安全使用建议
This skill runs a Node script that sends your prompts and any local images you pass to a remote API at https://claw.cjcook.site. Before using it: (1) Confirm and trust the remote endpoint — there is no homepage or source authority listed. (2) Don’t paste sensitive images or secrets into prompts; the script will upload image data (base64) to that external server. (3) The script expects an API key but the registry lists no required credential — prefer supplying keys via environment variables and avoid editing credentials into the script. (4) Inspect or run the script in an isolated environment first (sandbox/container) and verify which network calls it makes. (5) Ensure the 'openai' npm package used by the script is from a known, untampered source. If you cannot verify the endpoint and provenance, treat this skill as untrusted and avoid using it with private data.
功能分析
Type: OpenClaw Skill Name: nanobanana Version: 1.0.2 The skill facilitates image generation and editing by interacting with a third-party API endpoint (https://claw.cjcook.site/v1). While the code in `scripts/nanobanana.js` appears to fulfill its stated purpose, it contains a significant vulnerability: it reads arbitrary local files via the `--image` argument and transmits their base64-encoded content to the remote server without any path validation or file-type verification. This allows for potential data exfiltration if the AI agent is manipulated into 'editing' sensitive files (e.g., SSH keys or configuration files). Additionally, the use of a non-existent model name ('gemini-3.1-flash-image') and a future-dated timestamp in `_meta.json` are unusual indicators.
能力评估
Purpose & Capability
The code implements an image-generation/editing CLI consistent with the skill description, but it points to a custom baseURL (https://claw.cjcook.site/v1) rather than a documented Nano Banana or official provider endpoint. The registry declares no required credentials, yet the script requires an API key (CONFIG.apiKey) stored in the script; this mismatch between declared requirements and the actual configuration is concerning.
Instruction Scope
Runtime instructions and the script read local image files (expected for image editing) and convert them to base64, then transmit them (and user prompts) to the configured remote API. Transmitting local files to an external, non-official endpoint is a material privacy/exfiltration risk and is not made explicit in the registry metadata or SKILL.md beyond the single baseURL/config example.
Install Mechanism
No install spec is present (instruction-only skill with an included script). There are no downloads or archive extraction steps. The script relies on the 'openai' npm package which SKILL.md claims is preinstalled in a workspace path; that is unusual but not an install-time risk from the skill itself.
Credentials
The registry declares no required environment variables or credentials, but the script requires an API key (CONFIG.apiKey) to be set in the file. This is inconsistent and increases risk: users might run the script without realizing they must place secrets into the code, or they may inadvertently leak local images/inputs to an unexpected remote service. The SKILL.md also references a specific local node_modules path, which is environment-specific and odd.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills or system-wide configuration, and will only act when invoked. No elevated platform privileges are requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nanobanana
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nanobanana 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
安全修复:移除泄露的 API Key,改为环境变量
v1.0.1
fix: 移除泄露的 API Key,改为环境变量
v1.0.0
初始版本:支持文本生成图片、图片编辑、多模态对话
元数据
Slug nanobanana
版本 1.0.2
许可证 MIT-0
累计安装 2
当前安装数 1
历史版本数 3
常见问题

Nanobanana 是什么?

Nano Banana 2 Pro AI 图像生成工具。当用户提到"生图"、"生成图片"、"AI画图"、"nano banana"、"nanobanana"、或需要调用 Nano Banana API 生成/编辑图片时触发。支持文本生成图片、图片编辑(以图生图)、多模态对话。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 255 次。

如何安装 Nanobanana?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nanobanana」即可一键安装,无需额外配置。

Nanobanana 是免费的吗?

是的,Nanobanana 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Nanobanana 支持哪些平台?

Nanobanana 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Nanobanana?

由 莫循(@moxunjinmu)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论