v1.1.1

Publish Antigravity Rotator

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

This skill matches its stated account-rotation purpose, but it reads and modifies local OpenClaw/Google authentication profiles and can run repeatedly to change live model sessions, so it needs careful review before use.

Guidance

Install only if you explicitly want this skill to manage Antigravity accounts for you. Before enabling the dashboard or cron job, inspect config.json, confirm the account list, back up OpenClaw auth profiles, and understand that the skill can refresh tokens and change the active model/account without asking each time.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
scripts/rotator.js
const cmd = `curl -s --connect-timeout 10 --retry 1 -X POST "${this.QUOTA_API_URL}" ${headerArgs} -d "${bodyStr}"`; ... const output = execSync(cmd, { encoding: 'utf8', timeout: 35000 });

The skill builds shell commands for external API calls and includes OAuth-derived authorization data in those command-driven workflows.

User impact: A misconfigured or tampered local profile/config could affect commands that run under the user's account, and token-bearing operations occur through shell execution rather than a narrower API client.
Recommendation: Inspect and protect config.json and auth-profiles.json, run the rotator manually before enabling cron, and avoid using it on machines where untrusted users or processes can edit OpenClaw profile/config files.

Rogue Agents
Severity: Medium, Confidence: High, Status: Note
SKILL.md
*/10 * * * * [NODE_PATH] [SKILL_PATH]/index.js --action=rotate >> [LOG_PATH]/cron-rotate.log 2>&1

The documentation instructs users to install a cron job that keeps the rotation logic running automatically every 10 minutes.

User impact: Once enabled, the skill may continue refreshing tokens and changing model/account selection in the background until the cron entry is removed.
Recommendation: Enable the cron job only after testing, document where it is installed, and remove or disable it when you no longer want automatic rotation.

Agentic Supply Chain Vulnerabilities
Severity: Medium, Confidence: Medium, Status: Note
metadata
Source: unknown; Homepage: none; Required binaries: none; Primary credential: none; Required config paths: none

The registry metadata provides no upstream source or homepage and does not declare the credential/config paths that the included code relies on.

User impact: Users have less provenance information for a skill that handles OAuth tokens and OpenClaw auth state.
Recommendation: Treat the package as untrusted until you have reviewed the included code and verified the publisher/source through a channel you trust.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
scripts/rotator.js
const authData = this.readJson(this.paths.authProfiles); ... token = await this.refreshAccessToken(profile.refresh); ... authData.profiles[`google-antigravity:${email}`].access = token;

The rotator reads local OpenClaw auth profiles, uses stored refresh tokens to obtain new access tokens, and writes updated access tokens back into the auth profile.

User impact: The skill can use and modify the Google Antigravity credentials already stored on the machine, including switching which account is active for OpenClaw.
Recommendation: Only use this with accounts you are comfortable delegating to the skill; back up auth profiles first, review config.json, and prefer dedicated Antigravity accounts rather than personal primary accounts.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
assets/config.example.json
"statusDb": ".openclaw/workspace/memory/model-status.json", "rotationLog": ".openclaw/workspace/memory/rotation.log", "rotationState": ".openclaw/workspace/memory/rotation-state.json"

The skill stores persistent model status, rotation logs, and rotation state in the OpenClaw workspace memory area.

User impact: Account names, quota status, and rotation decisions may persist across runs and influence later automatic rotations.
Recommendation: Review and protect these memory files, and clear them if you stop using the skill or do not want historical account/quota data retained.