# nanobanana-mcp

A security-hardened MCP server for generating and editing images via Gemini.

A hardened MCP server for Gemini image generation. Fork of ConechoAI/Nano-Banana-MCP with security fixes, strict TypeScript, and model selection.
## Features

- 3 tools: `generate_image`, `edit_image`, `continue_editing`
- Model selection via the `NANOBANANA_MODEL` env var with whitelist validation
- Security hardened: path traversal protection, file size limits, no plaintext key storage
- Strict TypeScript: zero `any` types, Zod validation on all inputs
## Quick Start

### Claude Code

Add to `~/.claude/settings.json`:

```json
{
  "mcpServers": {
    "nanobanana": {
      "command": "npx",
      "args": ["tsx", "/path/to/nanobanana-mcp/src/index.ts"],
      "env": {
        "GEMINI_API_KEY": "your-api-key",
        "NANOBANANA_MODEL": "gemini-2.5-flash-image"
      }
    }
  }
}
```
### Other MCP Clients

```bash
GEMINI_API_KEY=your-key npx tsx src/index.ts
```

The server communicates over stdio using the MCP protocol.
## Tools

### `generate_image`

Generate a new image from a text prompt.

- `prompt` (required): Text describing the image to create (max 10,000 chars)

### `edit_image`

Edit an existing image with a text prompt.

- `imagePath` (required): Full file path to the image to edit
- `prompt` (required): Text describing the modifications (max 10,000 chars)
- `referenceImages` (optional): Array of file paths to reference images

### `continue_editing`

Continue editing the last generated/edited image in the current session.

- `prompt` (required): Text describing changes to make (max 10,000 chars)
- `referenceImages` (optional): Array of file paths to reference images
## Configuration

All configuration is via environment variables. No config files are written to disk.

| Variable | Required | Description |
|---|---|---|
| `GEMINI_API_KEY` | Yes | Google Gemini API key |
| `NANOBANANA_GEMINI_API_KEY` | No | Override for `GEMINI_API_KEY` (takes priority) |
| `NANOBANANA_MODEL` | No | Model to use (see below) |
### Available Models

| Model ID | Description |
|---|---|
| `gemini-2.5-flash-image` | Fast generation, good for high-volume use (default) |
| `gemini-3-pro-image-preview` | Pro quality, complex prompts, better text rendering |
| `gemini-3.1-flash-image-preview` | Latest model, advanced features |
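The following is an added example of how the env-var handling described in the two tables above can be implemented so that it fails closed: the key override takes priority, an empty override does not clobber a valid key, and a model ID outside the whitelist is rejected instead of being forwarded to the API. It is hypothetical code written for this README, not the project's `gemini-client.ts`; the function names (`loadConfig`, `parseModel`, `describeConfig`) are assumptions.

```typescript
// Model and API-key resolution for an MCP server like nanobanana-mcp.
// Hypothetical example code, not the project's own; names are assumptions.

// Whitelist copied from the "Available Models" table; anything else is rejected.
export const ALLOWED_MODELS = [
  "gemini-2.5-flash-image",
  "gemini-3-pro-image-preview",
  "gemini-3.1-flash-image-preview",
] as const;
export type ModelId = (typeof ALLOWED_MODELS)[number];
export const DEFAULT_MODEL: ModelId = "gemini-2.5-flash-image";

export interface ServerConfig {
  apiKey: string;
  model: ModelId;
}

// Treat unset and empty-string variables the same way so an empty override
// does not silently replace a valid key with "".
function nonEmpty(value: string | undefined): string | undefined {
  return value !== undefined && value.length > 0 ? value : undefined;
}

// Fail closed: a model ID that is not on the whitelist is an error and is
// never passed through to the API.
export function parseModel(value: string): ModelId {
  if ((ALLOWED_MODELS as readonly string[]).includes(value)) {
    return value as ModelId;
  }
  throw new Error(
    `NANOBANANA_MODEL must be one of: ${ALLOWED_MODELS.join(", ")}`,
  );
}

// Reads the three variables from the Configuration table. `env` is a
// parameter so the function can be exercised without touching process.env.
export function loadConfig(
  env: Record<string, string | undefined> = process.env,
): ServerConfig {
  // NANOBANANA_GEMINI_API_KEY takes priority over GEMINI_API_KEY.
  const apiKey =
    nonEmpty(env.NANOBANANA_GEMINI_API_KEY) ?? nonEmpty(env.GEMINI_API_KEY);
  if (apiKey === undefined) {
    // The message names the variable, never a value.
    throw new Error("GEMINI_API_KEY or NANOBANANA_GEMINI_API_KEY must be set");
  }
  const requested = nonEmpty(env.NANOBANANA_MODEL);
  const model = requested === undefined ? DEFAULT_MODEL : parseModel(requested);
  return { apiKey, model };
}

// Redacted view for logs: confirms a key was loaded without printing it.
export function describeConfig(cfg: ServerConfig): string {
  return `model=${cfg.model} apiKey=<redacted, ${cfg.apiKey.length} chars>`;
}
```

Because `loadConfig` takes the environment as an argument, it can be unit-tested with constructed variables, and `describeConfig` is the only thing that should ever reach a log line.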
## Output

Generated images are saved to `~/nanobanana-images/` with unique filenames. The tool response includes both the file path and the image data inline.
## Security

This fork addresses the following security issues from the original:

| Issue | Fix |
|---|---|
| API key saved to disk in plaintext | Removed config file persistence entirely |
| `configure_gemini_token` tool accepts key via MCP | Tool removed; keys only via env vars |
| Path traversal in `editImage` | `validatePath()` checks paths resolve within `$HOME` or `$TMPDIR` |
| No prompt length validation | Capped at 10,000 chars via Zod |
| Hardcoded model | `NANOBANANA_MODEL` env var with whitelist |
| Silent swallowing of reference image errors | Errors now thrown and reported |
| `Math.random()` for filenames | `crypto.randomUUID()` |
| No file size limit on reads | Max 20MB |
| Verbose errors leak internal paths | Sanitized error messages |
| `process.cwd()` fallback for output dir | Fixed to `~/nanobanana-images/` |
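The path, size, filename and error-message rows of the table above correspond to a handful of checks that are easy to get subtly wrong. The block below is an added, self-contained illustration of those checks written for this README; it is not the project's `file-handler.ts`, and the names (`validatePath`, `isWithinAllowedRoots`, `readImageWithinLimit`, `outputFilename`) and the reading of "20MB" as 20 * 1024 * 1024 bytes are assumptions. It goes slightly beyond the table in two places: it uses a separator-aware comparison so `/home/alice-evil` is not accepted for root `/home/alice`, and it re-checks the symlink-resolved path before reading.

```typescript
import * as path from "node:path";
import * as os from "node:os";
import * as fs from "node:fs";
import { randomUUID } from "node:crypto";

// Illustrative hardening for an MCP image server; hypothetical code, not the
// project's file-handler.ts. Names and the byte count are assumptions.
export const MAX_FILE_BYTES = 20 * 1024 * 1024;

// $HOME and $TMPDIR, as the Security table describes for validatePath().
export function defaultAllowedRoots(): string[] {
  return [os.homedir(), os.tmpdir()];
}

// True when `candidate` is `root` or lies underneath it. The separator is
// part of the test: a bare prefix check would accept /home/alice-evil for
// root /home/alice.
function isInside(candidate: string, root: string): boolean {
  return candidate === root || candidate.startsWith(root + path.sep);
}

// Pure check on the lexically resolved path: path.resolve collapses "." and
// ".." so "/home/alice/../../etc/passwd" is compared as "/etc/passwd".
export function isWithinAllowedRoots(input: string, roots: string[]): boolean {
  const resolved = path.resolve(input);
  return roots.some((root) => isInside(resolved, path.resolve(root)));
}

// Returns the resolved path or throws an error that does not echo the input,
// so a rejected probe learns nothing about internal layout from the message.
export function validatePath(
  input: string,
  roots: string[] = defaultAllowedRoots(),
): string {
  if (!isWithinAllowedRoots(input, roots)) {
    throw new Error("Image path is outside the allowed directories");
  }
  return path.resolve(input);
}

// Reads an image only after (1) the lexical check, (2) a symlink-aware
// re-check on the real location and (3) a size check done with stat, so an
// oversized file is never buffered into memory.
export function readImageWithinLimit(
  input: string,
  roots: string[] = defaultAllowedRoots(),
): Buffer {
  const real = fs.realpathSync(validatePath(input, roots));
  const realRoots = roots.map((r) => {
    try {
      return fs.realpathSync(r);
    } catch {
      return path.resolve(r); // root may not exist yet; fall back to lexical form
    }
  });
  if (!isWithinAllowedRoots(real, realRoots)) {
    throw new Error("Image path is outside the allowed directories");
  }
  const { size } = fs.statSync(real);
  if (size > MAX_FILE_BYTES) {
    throw new Error("Image file exceeds the size limit");
  }
  return fs.readFileSync(real);
}

// Unguessable output name (crypto.randomUUID, not Math.random).
export function outputFilename(ext = "png"): string {
  return `${randomUUID()}.${ext}`;
}

// Constructed paths for a quick demonstration; nothing is read from disk here.
const demoRoots = ["/home/alice", "/tmp"];
console.log(isWithinAllowedRoots("/home/alice/pics/cat.png", demoRoots)); // true
console.log(isWithinAllowedRoots("/home/alice/../../etc/passwd", demoRoots)); // false
console.log(isWithinAllowedRoots("/home/alice-evil/cat.png", demoRoots)); // false
console.log(outputFilename());
```

The lexical check alone is enough to stop `..` traversal, but only the `realpath` re-check catches a symlink inside an allowed root that points elsewhere; keeping the two separate also keeps `isWithinAllowedRoots` free of I/O and easy to test.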
## Development

```bash
npm install
npm run typecheck   # Type check without emitting
npm run dev         # Run with tsx (hot reload)
npm run build       # Compile to dist/
```
## Project Structure

```
src/
  index.ts           # MCP server entry point (3 tool handlers)
  gemini-client.ts   # Gemini API wrapper with model selection
  file-handler.ts    # Secure file I/O with path validation
  types.ts           # TypeScript interfaces and Zod schemas
```
## License

MIT - Based on ConechoAI/Nano-Banana-MCP