Low Risk — Risk Score 25/100
Last scan: 2 days ago
kie-nano-banana-pro
Kie AI Nano Banana Pro official image generation assistant - generates high-quality images by calling the Google Nano Banana Pro model through the Kie AI API
This skill contains only documentation with no actual implementation code. The primary concern is an unusual product brand name ('Nano Banana Pro') not recognized as a legitimate Google service, and undocumented network behavior in the description.
Skill Name: kie-nano-banana-pro
Duration: 34.8s
Engine: pi
Safe to install
Verify the legitimacy of Kie AI and the 'Nano Banana Pro' product before use. Request actual implementation code for security review before deployment.

Findings 3 items

Severity Finding Location
Medium
Missing capability declaration for network access
SKILL.md documents HTTP POST requests to api.kie.ai for API calls, but allowedTools in skill.json is empty ([]). This API behavior should be declared.
allowedTools: []
→ Add network:READ or network:WRITE to allowedTools if network calls are intended
skill.json:1
Low
Unverified product legitimacy
The 'Nano Banana Pro' brand and 'kie.ai' service are not well-known established providers. Product name 'Nano Banana' is unusual for Google.
Official image generation assistant for the Google Nano Banana Pro model
→ Verify kie.ai is a legitimate service provider before trusting with API keys
SKILL.md:1
Low
No implementation code to audit
This skill contains only documentation files (SKILL.md, README.md) and metadata. There is no actual implementation code to verify behavior matches documentation.
Only documentation files present
→ Request actual implementation code (scripts) before security approval
N/A
Resource Declared Inferred Status Evidence
Filesystem NONE NONE No file operations in skill
Network NONE READ (described) ✗ Violation SKILL.md:64 describes POST to api.kie.ai but not declared in allowedTools
11 findings
Medium External URL
https://img.shields.io/badge/version-1.0.0-blue.svg
README.md:5
Medium External URL
https://clawhub.ai/skills/kie-nano-banana-pro
README.md:5
Medium External URL
https://img.shields.io/badge/license-MIT-green.svg
README.md:6
Medium External URL
https://docs.kie.ai/market/google/pro-image-to-image
README.md:14
Medium External URL
https://kie.ai/api-key
README.md:28
Medium External URL
https://api.myshop.com/callback
README.md:46
Medium External URL
https://your-domain.com/api/callback
README.md:84
Medium External URL
https://api.kie.ai/api/v1/jobs/createTask
SKILL.md:55
Medium External URL
https://api.myshop.com/api/callback
SKILL.md:250
Medium External URL
https://docs.kie.ai/common-api/get-task-detail
SKILL.md:331
Medium External URL
https://docs.kie.ai/common-api/webhook-verification
SKILL.md:332

File Tree

4 files · 12.2 KB · 591 lines
Markdown 2f · 524L JSON 2f · 67L
├─ 📋 package.json JSON 19L · 410 B
├─ 📝 README.md Markdown 180L · 3.5 KB
├─ 📋 skill.json JSON 48L · 1.1 KB
└─ 📝 SKILL.md Markdown 344L · 7.1 KB

Security Positives

✓ No shell execution or subprocess calls detected
✓ No file system writes documented or implemented
✓ No credential harvesting behavior observed
✓ No obfuscated or encoded content found
✓ No suspicious network indicators (no direct IPs, no base64 encoded commands)