nanobanana-mcp

nanobanana-mcp

A security-hardened MCP server for generating and editing images using Google Gemini models. It provides tools for text-to-image creation and iterative image editing with strict input validation and secure file handling.

Category
Visit Server

README

nanobanana-mcp

A hardened MCP server for Gemini image generation. Fork of ConechoAI/Nano-Banana-MCP with security fixes, strict TypeScript, and model selection.

Features

  • 3 tools: generate_image, edit_image, continue_editing
  • Model selection via NANOBANANA_MODEL env var with whitelist validation
  • Security hardened: path traversal protection, file size limits, no plaintext key storage
  • Strict TypeScript: zero any types, Zod validation on all inputs

Quick Start

Claude Code

Add to ~/.claude/settings.json:

{
  "mcpServers": {
    "nanobanana": {
      "command": "npx",
      "args": ["tsx", "/path/to/nanobanana-mcp/src/index.ts"],
      "env": {
        "GEMINI_API_KEY": "your-api-key",
        "NANOBANANA_MODEL": "gemini-2.5-flash-image"
      }
    }
  }
}

Other MCP Clients

GEMINI_API_KEY=your-key npx tsx src/index.ts

The server communicates over stdio using the MCP protocol.

Tools

generate_image

Generate a new image from a text prompt.

prompt (required): Text describing the image to create (max 10,000 chars)

edit_image

Edit an existing image with a text prompt.

imagePath (required): Full file path to the image to edit
prompt (required): Text describing the modifications (max 10,000 chars)
referenceImages (optional): Array of file paths to reference images

continue_editing

Continue editing the last generated/edited image in the current session.

prompt (required): Text describing changes to make (max 10,000 chars)
referenceImages (optional): Array of file paths to reference images

Configuration

All configuration is via environment variables. No config files are written to disk.

Variable Required Description
GEMINI_API_KEY Yes Google Gemini API key
NANOBANANA_GEMINI_API_KEY No Override for GEMINI_API_KEY (takes priority)
NANOBANANA_MODEL No Model to use (see below)

Available Models

Model ID Description
gemini-2.5-flash-image Fast generation, good for high-volume use (default)
gemini-3-pro-image-preview Pro quality, complex prompts, better text rendering
gemini-3.1-flash-image-preview Latest model, advanced features

Output

Generated images are saved to ~/nanobanana-images/ with unique filenames. The tool response includes both the file path and the image data inline.

Security

This fork addresses the following security issues from the original:

Issue Fix
API key saved to disk in plaintext Removed config file persistence entirely
configure_gemini_token tool accepts key via MCP Tool removed; keys only via env vars
Path traversal in editImage validatePath() checks paths resolve within $HOME or $TMPDIR
No prompt length validation Capped at 10,000 chars via Zod
Hardcoded model NANOBANANA_MODEL env var with whitelist
Silent swallowing of reference image errors Errors now thrown and reported
Math.random() for filenames crypto.randomUUID()
No file size limit on reads Max 20MB
Verbose errors leak internal paths Sanitized error messages
process.cwd() fallback for output dir Fixed to ~/nanobanana-images/

Development

npm install
npm run typecheck   # Type check without emitting
npm run dev         # Run with tsx (hot reload)
npm run build       # Compile to dist/

Project Structure

src/
  index.ts          # MCP server entry point (3 tool handlers)
  gemini-client.ts  # Gemini API wrapper with model selection
  file-handler.ts   # Secure file I/O with path validation
  types.ts          # TypeScript interfaces and Zod schemas

License

MIT - Based on ConechoAI/Nano-Banana-MCP

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured