nano-banana-2
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the image-generation purpose is coherent, but the skill outsources core execution to another installable skill/CLI, uses a mutable raw GitHub install reference, and forwards login credentials to third-party tooling. This looks more like a risky trust-chain and credential-exposure pattern than confirmed malware.
Confidence: 82%Severity: 74%
Audit Metadata