evolink-nano-banana-2

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references and recommends the use of the official vendor-owned npm package @evolinkai/evolink-media for establishing an MCP server bridge.
  • [COMMAND_EXECUTION]: The skill includes a bash utility scripts/evolink-image-gen.sh that utilizes standard system commands curl and jq to facilitate communication with the EvoLink generation and task APIs.
  • [CREDENTIALS_UNSAFE]: Authentication is handled via a user-provided EVOLINK_API_KEY stored in environment variables, which is the standard secure practice for this vendor's API integration.
  • [PROMPT_INJECTION]:
    • Ingestion points: User-provided text is ingested through the prompt parameter in the generate_image tool and the CLI script scripts/evolink-image-gen.sh.
    • Boundary markers: The skill passes user prompts to the API as structured JSON data without additional encapsulation.
    • Capability inventory: The skill's scripts utilize curl for network communication and jq for data processing.
    • Sanitization: The provided shell script employs jq to safely serialize user input into JSON payloads, effectively preventing shell command injection vulnerabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 01:40 AM