Low risk: risk score 25/100
Last scanned: 2 days ago
kie-nano-banana-pro
Kie AI Nano Banana Pro official image generation assistant - generates high-quality images by calling the Google Nano Banana Pro model through the Kie AI API
This skill contains only documentation with no actual implementation code. The primary concern is an unusual product brand name ('Nano Banana Pro') not recognized as a legitimate Google service, and undocumented network behavior in the description.
Skill name: kie-nano-banana-pro
Analysis time: 34.8s
Engine: pi
Can be installed
Verify the legitimacy of Kie AI and the 'Nano Banana Pro' product before use. Request actual implementation code for security review before deployment.

Security findings: 3

Severity | Finding | Location
Medium
Missing capability declaration for network access
SKILL.md documents HTTP POST requests to api.kie.ai for API calls, but allowedTools in skill.json is empty ([]). This API behavior should be declared.
allowedTools: []
→ Add network:READ or network:WRITE to allowedTools if network calls are intended
skill.json:1
Low
Unverified product legitimacy
The 'Nano Banana Pro' brand and 'kie.ai' service are not well-known established providers. Product name 'Nano Banana' is unusual for Google.
Official image generation assistant for the Google Nano Banana Pro model
→ Verify kie.ai is a legitimate service provider before trusting with API keys
SKILL.md:1
Low
No implementation code to audit
This skill contains only documentation files (SKILL.md, README.md) and metadata. There is no actual implementation code to verify behavior matches documentation.
Only documentation files present
→ Request actual implementation code (scripts) before security approval
N/A
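Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | NONE | | No file operations in skill
Network access | NONE | READ (described) | ✗ Exceeds declared permissions | SKILL.md:64 describes POST to api.kie.ai but not declared in allowedTools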
11 findings
Severity | Type | URL | Location
Medium | External URL | https://img.shields.io/badge/version-1.0.0-blue.svg | README.md:5
Medium | External URL | https://clawhub.ai/skills/kie-nano-banana-pro | README.md:5
Medium | External URL | https://img.shields.io/badge/license-MIT-green.svg | README.md:6
Medium | External URL | https://docs.kie.ai/market/google/pro-image-to-image | README.md:14
Medium | External URL | https://kie.ai/api-key | README.md:28
Medium | External URL | https://api.myshop.com/callback | README.md:46
Medium | External URL | https://your-domain.com/api/callback | README.md:84
Medium | External URL | https://api.kie.ai/api/v1/jobs/createTask | SKILL.md:55
Medium | External URL | https://api.myshop.com/api/callback | SKILL.md:250
Medium | External URL | https://docs.kie.ai/common-api/get-task-detail | SKILL.md:331
Medium | External URL | https://docs.kie.ai/common-api/webhook-verification | SKILL.md:332

Directory structure

4 files · 12.2 KB · 591 lines
Markdown 2f · 524L JSON 2f · 67L
├─ 📋 package.json JSON 19L · 410 B
├─ 📝 README.md Markdown 180L · 3.5 KB
├─ 📋 skill.json JSON 48L · 1.1 KB
└─ 📝 SKILL.md Markdown 344L · 7.1 KB

Security highlights

✓ No shell execution or subprocess calls detected
✓ No file system writes documented or implemented
✓ No credential harvesting behavior observed
✓ No obfuscated or encoded content found
✓ No suspicious network indicators (no direct IPs, no base64 encoded commands)