Skip to main content

nano-banana

Generates and edits images using Google's Gemini API for text-to-image and image manipulation tasks.

Install this skill

or
55/100

Security score

The nano-banana skill was audited on May 16, 2026 and we found 17 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 54

Curl to non-GitHub URL

SourceSKILL.md
54curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
medium line 60

Curl to non-GitHub URL

SourceSKILL.md
60curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/j
medium line 113

Curl to non-GitHub URL

SourceSKILL.md
113curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
medium line 134

Curl to non-GitHub URL

SourceSKILL.md
134curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/j
medium line 157

Curl to non-GitHub URL

SourceSKILL.md
157curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
medium line 175

Curl to non-GitHub URL

SourceSKILL.md
175curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
medium line 225

Base64 decode operation

SourceSKILL.md
2254. **Output is Base64, never a URL** — decode `inline_data.data` and write bytes directly to disk. The `mime_type` tells you the extension (`png` / `jpeg` / `webp`).
low line 10

External URL reference

SourceSKILL.md
10> Official docs: `https://ai.google.dev/gemini-api/docs/image-generation`
low line 27

External URL reference

SourceSKILL.md
27Connect the **Nano Banana** connector at [app.vm0.ai/connectors](https://app.vm0.ai/connectors). Enabling the connector provisions `NANO_BANANA_TOKEN` — no Google Cloud account or user-supplied key is
low line 29

External URL reference

SourceSKILL.md
29> **Troubleshooting:** If requests fail, run `zero doctor check-connector --env-name NANO_BANANA_TOKEN` or `zero doctor check-connector --url https://generativelanguage.googleapis.com/v1beta/models/ge
low line 35

External URL reference

SourceSKILL.md
35All calls hit `POST https://generativelanguage.googleapis.com/v1beta/models/<model>:generateContent` with header `x-goog-api-key: $NANO_BANANA_TOKEN`. The output image comes back Base64-encoded in `ca
low line 54

External URL reference

SourceSKILL.md
54curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
low line 60

External URL reference

SourceSKILL.md
60curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/j
low line 113

External URL reference

SourceSKILL.md
113curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
low line 134

External URL reference

SourceSKILL.md
134curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/j
low line 157

External URL reference

SourceSKILL.md
157curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
low line 175

External URL reference

SourceSKILL.md
175curl -s -X POST "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-image:generateContent" --header "x-goog-api-key: $NANO_BANANA_TOKEN" --header "Content-Type: application/json"
Scanned on May 16, 2026
View Security Dashboard
Installation guide →
GitHub Stars 60
Rate this skill
Categorymarketing
UpdatedMay 20, 2026
openclawapicontent-marketergraphic-designerux-designergoogle-geminimarketingdesign
vm0-ai/vm0-skills