Skills
skills/leegonzales/aiskills/nano-banana/Socket

nano-banana

Warn

Audited by Socket on May 12, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose is coherent, but it relies on third-party MCP packages installed via unpinned npx and forwards a Gemini API key into that code. The main concern is supply-chain and credential-forwarding risk, not confirmed malicious behavior; the documentation also appears to understate that generation flows to external Gemini services.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
May 12, 2026, 03:30 AM
Package URL
pkg:socket/skills-sh/leegonzales%2Faiskills%2Fnano-banana%2F@f597b0549b7a5a83c95c768799dfd45cb641d797