nanobanana-skill
Generates and edits images using the Google Gemini API through the nanobanana tool, offering customizable options for output.
Install this skill
Security score
The nanobanana-skill skill was audited on Mar 3, 2026 and we found 13 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 14 | 2. **Python3 with depedent packages installed**: google-genai, Pillow, python-dotenv. They could be installed via `python3 -m pip install -r ${CLAUDE_PLUGIN_ROOT}/skills/nanobanana-skill/requirements. |
Template literal with variable interpolation in command context
| 15 | 3. **Executable**: `${CLAUDE_PLUGIN_ROOT}/skills/nanobanana-skill/nanobanana.py` |
Template literal with variable interpolation in command context
| 30 | ```bash |
Template literal with variable interpolation in command context
| 45 | ```bash |
Template literal with variable interpolation in command context
| 79 | ```bash |
Template literal with variable interpolation in command context
| 85 | ```bash |
Template literal with variable interpolation in command context
| 94 | ```bash |
Template literal with variable interpolation in command context
| 104 | ```bash |
Template literal with variable interpolation in command context
| 113 | ```bash |
Access to hidden dotfiles in home directory
| 13 | 1. **GEMINI_API_KEY**: Must be configured in `~/.nanobanana.env` or `export GEMINI_API_KEY=<your-api-key>` |
Access to hidden dotfiles in home directory
| 124 | - Check that `GEMINI_API_KEY` is exported or set in ~/.nanobanana.env |
Access to .env file
| 13 | 1. **GEMINI_API_KEY**: Must be configured in `~/.nanobanana.env` or `export GEMINI_API_KEY=<your-api-key>` |
Access to .env file
| 124 | - Check that `GEMINI_API_KEY` is exported or set in ~/.nanobanana.env |