
Nano Banana Pro

Scanned on 2/7/2026

72/100low

Legitimate image generation tool with proper API key handling, but has path traversal vulnerabilities and unrestricted file system write access.

Trust Score: 72/100
Risk Level: medium
Issues Found: 5

Security Analysis

This script is a legitimate image generation tool built on Google's Gemini API. The primary security concerns are filesystem-related: the script writes to whatever path is given in the --filename argument and reads whatever path is given in --input-image, with no confinement to a working directory, so both arguments are open to path traversal. When the arguments come from a trusted user at a terminal this is simply the user's own filesystem, but the script ships as an agent skill, and if its arguments can be influenced by untrusted content a caller could overwrite any file the invoking user can write to, or upload any image file the user can read to Google. The network calls to Google's API are expected for this functionality, though prompts and input images are transmitted externally. API key handling is generally good, preferring the environment variable, though accepting the key on the command line is a minor exposure. No malicious code execution, obfuscation, or credential-theft patterns were detected. The trust score of 72 reflects a functional tool with a legitimate purpose that needs filesystem access restrictions before production use.

Security Findings

high - filesystem

Unrestricted file path writing allows arbitrary file system access - user-controlled filename argument can write to any location with path traversal

Evidence:

    output_path = Path(args.filename)
    output_path.parent.mkdir(parents=True, exist_ok=True)
    ...save(str(output_path), 'PNG')
Recommendation: Restrict output to a safe directory (e.g., ./outputs/) and validate the filename against path traversal. A textual check that rejects '..' or absolute paths is a start but does not catch a symlink placed inside the output directory; resolve the joined path and confirm it still lies under the base directory before calling mkdir() or save(), since mkdir(parents=True) on an unchecked path also creates directories wherever the caller points it. The one-line fix output_path = Path('./outputs') / Path(args.filename).name keeps only the final path component, which blocks traversal but silently discards any subdirectory the caller asked for.
medium - filesystem

Unrestricted input image file reading allows reading arbitrary files from the file system

Evidence:

    for img_path in args.input_images:
        try:
            img = PILImage.open(img_path)
Recommendation: Confine input image paths to an expected directory, resolving each path and checking that it remains under that directory rather than only scanning for '..' or a leading '/'. Check the file extension as well. Note that PILImage.open() reads anything the invoking user can read, and whatever it opens successfully is then sent to the API.
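One way to confine both the --filename write and the --input-image read to a base directory, covering the two filesystem findings above. This is an added example, not code from the Nano Banana Pro skill; the directory names ./outputs and ./inputs, the helper names (confine_path, safe_output_path, safe_input_path, is_rejected), and the accepted image suffixes are assumptions for illustration. It resolves the joined path and checks containment, which also rejects a symlink inside the output directory that points elsewhere, a case a plain '..' scan misses.

```python
"""Confining --filename writes and --input-image reads to a base directory.

Added example, not code from the Nano Banana Pro skill. OUTPUT_DIR,
INPUT_DIR, IMAGE_SUFFIXES and the helper names are assumptions made
for illustration.
"""
import os
import tempfile
from pathlib import Path

OUTPUT_DIR = Path("./outputs")  # assumed: the only place generated PNGs are written
INPUT_DIR = Path("./inputs")    # assumed: the only place reference images are read from
IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp"}


def confine_path(filename: str, base: Path) -> Path:
    """Resolve filename beneath base, or raise ValueError if it escapes.

    Both sides are resolved, so '..' components, absolute paths and symlinks
    that point outside base are all caught by the containment check; a
    textual scan for '..' alone would miss the symlink case.
    """
    base_resolved = base.resolve()
    # Joining an absolute filename discards base entirely; after resolve()
    # the result lies outside base and relative_to() rejects it below.
    candidate = (base_resolved / filename).resolve()
    try:
        candidate.relative_to(base_resolved)
    except ValueError:
        raise ValueError(f"{filename!r} escapes {base}") from None
    if candidate == base_resolved:
        raise ValueError("a file name is required, not the directory itself")
    return candidate


def safe_output_path(filename: str, base: Path = OUTPUT_DIR) -> Path:
    """Path that --filename may be written to; the script saves PNG, so require .png.
    The caller still calls path.parent.mkdir(), now guaranteed to stay inside base."""
    path = confine_path(filename, base)
    if path.suffix.lower() != ".png":
        raise ValueError(f"output must be a .png file, got {filename!r}")
    return path


def safe_input_path(filename: str, base: Path = INPUT_DIR) -> Path:
    """Path that --input-image may be read from, limited to image suffixes."""
    path = confine_path(filename, base)
    if path.suffix.lower() not in IMAGE_SUFFIXES:
        raise ValueError(f"not an accepted image type: {filename!r}")
    return path


def is_rejected(check, filename: str, base: Path) -> bool:
    """True if check(filename, base) raises ValueError."""
    try:
        check(filename, base)
    except ValueError:
        return True
    return False


def symlink_escape_is_rejected() -> bool:
    """Build outputs/link -> outside in a throwaway temp dir (POSIX) and confirm
    that writing through the link is refused although the path has no '..'."""
    with tempfile.TemporaryDirectory() as tmp:
        outputs = Path(tmp) / "outputs"
        outside = Path(tmp) / "outside"
        outputs.mkdir()
        outside.mkdir()
        os.symlink(outside, outputs / "link")
        return is_rejected(safe_output_path, "link/evil.png", outputs)


if __name__ == "__main__":
    for name in ("result.png", "runs/2/result.png", "../../etc/cron.d/job.png",
                 "/etc/passwd", "notes.txt"):
        verdict = "rejected" if is_rejected(safe_output_path, name, OUTPUT_DIR) else "ok"
        print(f"{name!r:30} -> {verdict}")
    print("symlink escape rejected:", symlink_escape_is_rejected())
```

Subdirectories inside the base (runs/2/result.png) are still allowed, so the fix does not lose the original's mkdir(parents=True) behaviour; it only stops that mkdir from running outside the base directory.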
medium - network

Network calls to an external API endpoint carry user-controlled content. Prompts and input images are sent to Google, and combined with the unrestricted --input-image read above, any image file the invoking user can read could be uploaded off the machine.

Evidence:

    response = client.models.generate_content(
        model="gemini-3-pro-image-preview",
        contents=contents,
Recommendation: Document that user prompts and images are sent to Google's API. Consider size limits and content filtering to limit abuse, and confine input images to an expected directory (see the input-image finding above) so that the upload path cannot reach arbitrary files. Ensure users are aware of the data transmission.
low - credentials

API key passed via command line argument is visible in process listings (e.g., ps) and is typically recorded in shell history

Evidence:

    parser.add_argument(
        "--api-key", "-k",
        help="Gemini API key (overrides GEMINI_API_KEY env var)"
Recommendation: Prefer the environment variable over the command-line argument for API keys. Warn in the documentation that a key given on the command line may be visible to other users on the system and recorded in shell history.
info - code-execution

Dynamic imports after argument parsing - minor delay but no security risk

Evidence:

    from google import genai
    from google.genai import types
    from PIL import Image as PILImage
Recommendation: No action needed - this is actually good practice to fail fast on missing API key before slow imports.

✅ Good Security Practices

  • No use of eval(), exec(), or subprocess for code execution
  • API key properly retrieved from environment variables as primary method
  • Proper error handling with informative messages
  • No obfuscation or encoded payloads detected
  • Uses legitimate Google GenAI library
  • Input validation for image count (max 14 images)
  • Clear documentation and usage examples
  • Explicit error messages without exposing sensitive data

Source Information

ClawHub Page: clawhub.com/skills/nano-banana-pro
Source URL: /opt/homebrew/lib/node_modules/openclaw/skills/nano-banana-pro
Code Size: 6,542 characters
Semgrep Findings: 0