ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Publish Antigravity Rotator

Google Antigravity 模型全自动运维方案。提供多账号自动轮换、优先级调度、会话热更新以及赛博朋克风仪表盘。使用场景包括:(1) 自动化管理多个 Antigravity 账号,(2) 监控配额并自动切换,(3) 在不重启会话的情况下更新模型。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.3k · 1 current installs · 1 all-time installs
by@ChocomintX
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implementation: the code reads OpenClaw auth profiles and model status, queries a quota API, refreshes OAuth tokens, and triggers rotations via the openclaw gateway. The files and CLI actions (setup/dashboard/rotate) are consistent with multi-account rotation and hot-update functionality.
Instruction Scope
SKILL.md instructs running setup, the dashboard, and a cron-driven rotate action; the implementation follows that. However, the runtime will read and write OpenClaw files (auth-profiles.json, model-status.json, rotation logs) and invoke system commands (openclaw gateway status) and external HTTP endpoints via curl. Those behaviors are necessary for the stated task but are high-sensitivity operations and should be called out to the user.
Install Mechanism
No install spec or external downloads; this is a Node script that runs with existing node/openclaw binaries and uses standard child_process/curl calls. No remote code fetch or archive extraction is performed by the skill itself.
!
Credentials
The skill does not require additional environment variables but it reads and updates the OpenClaw auth-profiles file (which contains access and refresh tokens) and writes updated tokens back. This is functionally necessary for token refresh/rotation, but it is sensitive: the skill has direct access to authentication material that can control accounts. Additionally, the repository includes a hard-coded clientId/clientSecret and default project ID — plausible for a shared 'Antigravity' client but potentially inappropriate if you expect only your own OAuth credentials to be used.
Persistence & Privilege
always:false (no forced always-on). The skill writes to OpenClaw workspace files (status DB, rotation logs) and updates auth-profiles, which will affect agent authentication state. Modifying these shared OpenClaw files is expected for an account rotator, but it means the skill can change credentials and the system's active session — review and backup your auth files before installing.
Assessment
This skill appears to implement the advertised Antigravity account rotation features, but it performs sensitive operations: it reads and updates your OpenClaw auth-profiles (refresh/access tokens), calls external endpoints (a quota API and Google OAuth token endpoint) and executes shell commands (openclaw, curl). Before installing or running: 1) Back up ~/.openclaw/agents/.../auth-profiles.json and any other OpenClaw workspace files it will modify. 2) Inspect the remainder of scripts/rotator.js (performRotation and warmup) to confirm there is no unexpected network exfiltration or unsafe operations — a truncated portion of rotator.js in the package makes a full audit necessary. 3) Consider replacing the bundled clientId/clientSecret with your own OAuth credentials if you want control over which project is used. 4) Run it in an isolated environment or test account first so token updates can't affect production accounts. 5) Note it uses execSync + curl; ensure PATH and config.json are correct to avoid accidental command injection through manipulated config. If you want, I can (a) scan the remaining truncated code for suspicious calls, or (b) produce a short checklist of the exact lines to inspect for exfil/privilege escalation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.1
Download zip
latestvk976sqezabctdm1342j1z660xn80mnjs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Antigravity Rotator (反重力轮换器) 🚀

本 Skill 旨在为 OpenClaw 提供一套确定性的 Google Antigravity 模型运维工作流。它将复杂的配额监控与自动化调度封装为简单的 Action。

🎯 触发场景 (When to use)

  • 当用户拥有多个 Antigravity 账号且希望自动最大化利用配额时。
  • 当主账号配额耗尽,需要无感切换(不重启会话)到备用账号时。
  • 当需要实时可视化监控所有账号状态和轮换历史时。

🛠️ 快速部署流程 (Quick Start)

1. 环境初始化 (必须执行)

进入 Skill 目录并运行 setup 脚本:

cd skills/antigravity-rotator
node index.js --action=setup

作用:自动探测 openclawnode 路径,并生成适配你系统的 config.json

2. 启动管理看板

node index.js --action=dashboard
  • 地址http://localhost:18090
  • 初始化账号:进入页面点击右上角 “同步凭证”,脚本会自动扫描并加载你已通过 openclaw models auth login 登录的账号。

3. 配置定时任务 (Cron)

为了让轮换全自动运行,必须在系统 crontab 中配置驱动:

# 每 10 分钟自动检查一次
*/10 * * * * [NODE_PATH] [SKILL_PATH]/index.js --action=rotate >> [LOG_PATH]/cron-rotate.log 2>&1

注:具体的路径请参考 node index.js --action=setup 运行后的输出结果。

📝 核心配置项详解 (config.json)

参数类型说明
openclawBinString关键openclaw 的绝对路径。
modelPriorityArray轮换优先级列表。排在前面的模型会被优先尝试。
quotas.lowNumber触发轮换的余量百分比阈值(建议 21)。
clientIdString(高级) Google OAuth 客户端 ID。默认为 Antigravity 通用 ID。
clientSecretString(高级) Google OAuth 客户端密钥。
defaultProjectIdString(高级) Google 项目 ID,影响配额查询接口。

🌟 核心特性

  • 会话热更新:利用 OpenClaw Gateway API,在后台悄悄更换模型,用户正在进行的对话完全不受影响。
  • 自动 Token 刷新:内置 Token 刷新逻辑,确保长期运行无需手动重新登录。
  • 模型激活 (Warmup):自动识别并激活“满血”但在计时外的模型,消除初次切换的延迟。
  • 透明化日志:看板实时展示轮换原因(如:调度更优模型、当前余量不足等)。

🤖 开发者资源

  • 入口: index.js
  • 逻辑引擎: scripts/rotator.js (配额查询与账号调度)
  • Web UI: scripts/dashboard.js (基于 http 模块的极简服务器)
  • 模板: assets/ 文件夹下包含详细的 JSON 模板和 Cron 示例。

Antigravity Rotator - 你的 Antigravity 永不宕机 🥵

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…