Antigravity Balance
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use local Antigravity session authority to query account status, and debug output could reveal a token if copied into logs or support chats.
The script extracts a local Antigravity CSRF token from the process command line, and verbose logging prints the full matching command line, which is likely to include that token.
log(`Antigravity line: ${antigravityLine}`); ... const tokenMatch = antigravityLine.match(/--csrf_token[= ]+([a-f0-9-]+)/i);Only run this on a trusted machine, avoid sharing verbose output, and redact or avoid logging the CSRF token. The skill should declare this local token use and mask tokens in debug logs.
A different local HTTPS service on a nearby port could receive the Antigravity token during discovery.
During port discovery, the script sends the CSRF token to multiple nearby localhost HTTPS ports while accepting any certificate, before proving the target is the intended Antigravity API.
for (let p = extensionPort - 10; p <= extensionPort + 10; p++) { ... testPort(p, token); } ... 'X-Codeium-Csrf-Token': token ... rejectUnauthorized: falseAvoid sending the token during discovery, verify the service identity before adding authentication headers, or restrict probing to the exact known Antigravity API port.
Running the skill executes local shell commands that inspect running process arguments.
The script runs local process-listing commands to detect the Antigravity language server. This is expected for the stated purpose, but users should know it executes OS commands.
const { exec } = require('child_process'); ... execAsync(`ps -ww -eo pid,args | grep "${processName}" | grep -v grep`, { timeout: 5000 });Review and run the script manually if you are uncomfortable with local process enumeration.