Publish Antigravity Rotator
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent with its stated purpose, but it handles and rewrites OpenClaw Google credentials, runs shell/curl commands containing tokens, and encourages persistent automatic rotation.
Install only if you explicitly want automated multi-account Antigravity rotation. Before enabling it, inspect the full source, back up your .openclaw auth profile, use dedicated accounts if possible, and avoid the cron job unless you are comfortable with ongoing token refresh and automatic session/model changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use and modify logged-in Google Antigravity account credentials and switch which account OpenClaw uses.
The rotator reads OpenClaw auth profiles, uses stored refresh tokens to mint new access tokens, and writes updated credentials back. This is high-impact account/session authority, especially because metadata declares no primary credential.
const authData = this.readJson(this.paths.authProfiles); ... token = await this.refreshAccessToken(profile.refresh); ... if (authUpdated) this.writeJson(this.paths.authProfiles, authData);
Use only with accounts you intentionally dedicate to rotation; back up auth-profiles.json first and verify every account listed in config.json.
Local processes or unsafe config/profile contents could compromise tokens or cause unintended shell behavior.
OAuth refresh data is placed into a shell command executed through execSync. That can expose sensitive values through process arguments and adds shell-injection risk if config or profile values are ever attacker-controlled.
const cmd = `curl -s --connect-timeout 10 --retry 1 -X POST "${this.REFRESH_TOKEN_URL}" -d "${postData}"`; ... const output = execSync(cmd, { encoding: 'utf8', timeout: 35000 });
Prefer Node HTTPS APIs over shelling out to curl, avoid placing tokens on command lines, and strictly validate/escape all config and auth-profile values.
The rotator may continue changing active models or accounts long after the initial setup.
The documented workflow asks the user to create a persistent cron job that runs rotation every 10 minutes. This is disclosed, but it keeps operating and mutating account/model state without per-run approval.
For rotation to run fully automatically, a trigger must be configured in the system `crontab`: ... */10 * * * * [NODE_PATH] [SKILL_PATH]/index.js --action=rotate
Do not enable the cron job unless continuous automatic rotation is desired; document how to disable it and review logs regularly.
Account identifiers and rotation history may persist across sessions and be visible to local tools or future agent activity.
The skill stores quota status, rotation logs, and state in persistent OpenClaw workspace memory paths. This appears purpose-aligned, but it retains account/model operational history locally.
"statusDb": ".openclaw/workspace/memory/model-status.json", "rotationLog": ".openclaw/workspace/memory/rotation.log", "rotationState": ".openclaw/workspace/memory/rotation-state.json"
Review and periodically clean the generated memory/log files if account history should not be retained.
Users have less external context for trusting code that operates on credentials.
For a skill that handles OAuth tokens and auth profile files, missing source/homepage provenance makes independent verification harder.
Source: unknown; Homepage: none
Inspect the full installed source before use and prefer a verifiable upstream repository for credential-handling automation.
