← 返回 Skills 市场
feiskyer

Nanobanana Skill

作者 Pengfei Ni · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
997
总下载
1
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install nanobanana-skill
功能描述
Generate or edit images using Google Gemini API via nanobanana. Triggers: "nanobanana", "generate image", "create image", "edit image", "AI drawing", "图片生成",...
安全使用建议
This skill appears to implement an image-generation wrapper for Google Gemini, but the registry metadata failed to declare the required GEMINI_API_KEY. Before installing: (1) confirm the GEMINI_API_KEY requirement is added to the skill metadata or that you understand you must set it in ~/.nanobanana.env or your environment; (2) only use a dedicated API key with restricted quota/permissions; (3) review the included nanobanana.py yourself — it will read local input image files and write output images and uses the google-genai client; (4) install dependencies in a controlled environment (virtualenv) rather than system-wide; and (5) be cautious because the skill author/source is unknown and there is no homepage — prefer skills from known publishers or require the author to fix the metadata mismatch before trusting automatic invocation.
功能分析
Type: OpenClaw Skill Name: nanobanana-skill Version: 0.1.0 The skill is classified as suspicious due to a significant prompt injection vulnerability identified in `SKILL.md`. The instructions guide the AI agent to construct `bash` commands by directly embedding user-provided input (e.g., for `--prompt`, `--output`, `--input`) without explicit sanitization or escaping. This allows a malicious user to inject arbitrary shell commands, potentially leading to remote code execution and data exfiltration (e.g., of the `GEMINI_API_KEY` from `~/.nanobanana.env`), especially given the `allowed-tools` permission `Bash(python3:*)`.
能力评估
Purpose & Capability
The skill's code and SKILL.md both implement image generation/editing against Google Gemini, which matches the name/description. However the registry metadata lists no required environment variables while SKILL.md and the script require GEMINI_API_KEY (loaded from ~/.nanobanana.env or env). That metadata omission is an incoherence.
Instruction Scope
Runtime instructions are focused: collect a prompt/inputs, run the included nanobanana.py, and return the saved image path. The script only reads GEMINI_API_KEY (from env/dotenv) and local input files, and writes the output image; it does not reference unrelated system credentials or external endpoints beyond the Google GenAI client.
Install Mechanism
There is no install spec (instruction-only skill) and requirements.txt is standard. The SKILL.md suggests using pip to install listed packages; nothing is downloaded from untrusted URLs and there is no archive extraction.
Credentials
Only GEMINI_API_KEY is needed and that is appropriate for a Gemini client. The concern is that the registry metadata does not declare this required credential, so users may not be warned. The script reads dotenv from ~/.nanobanana.env which could contain secrets — expected for this purpose but should be clearly documented in the skill metadata.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config changes, and only writes output image files. It does not modify other skills or agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nanobanana-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nanobanana-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of nanobanana-skill: - Adds integration with Google Gemini API for image generation and editing via the nanobanana tool. - Supports user-defined prompts, aspect ratios, resolutions, and model selection. - Provides command-line workflow for both generation and editing of images, including support for multiple input and output options. - Includes setup instructions, supported parameter values, sample usage commands, error troubleshooting, and best practice tips.
元数据
Slug nanobanana-skill
版本 0.1.0
许可证
累计安装 5
当前安装数 5
历史版本数 1
常见问题

Nanobanana Skill 是什么?

Generate or edit images using Google Gemini API via nanobanana. Triggers: "nanobanana", "generate image", "create image", "edit image", "AI drawing", "图片生成",... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 997 次。

如何安装 Nanobanana Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nanobanana-skill」即可一键安装,无需额外配置。

Nanobanana Skill 是免费的吗?

是的,Nanobanana Skill 完全免费(开源免费),可自由下载、安装和使用。

Nanobanana Skill 支持哪些平台?

Nanobanana Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Nanobanana Skill?

由 Pengfei Ni(@feiskyer)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论