Back to skill

Security audit

Antigravity Balance

Security checks across malware telemetry and agentic risk

Overview

This skill checks Antigravity quota as advertised, but it uses local process arguments and a local CSRF token to do so, so its output should be treated as sensitive.

Install only if you are comfortable with a script reading Antigravity process arguments, using the local CSRF token to query the local Antigravity API, and displaying account identity plus quota details. Avoid verbose mode, JSON output, shared terminals, screen recordings, and logs when that account information or token-bearing process data could be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script enumerates host processes and parses another process's full command line to recover a CSRF token and port, which is sensitive host-inspection behavior beyond a simple quota display. Even though the stated purpose is to query a local Antigravity service, extracting secrets from process arguments creates an unnecessary capability that could be repurposed to access other local APIs or expose local process metadata.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly describes extracting a CSRF token and extension server port from a local process, then querying a localhost HTTPS endpoint for user status data, but it does not clearly warn users that it accesses authentication/connection details and account-related information. This creates a transparency and consent problem: a user invoking a seemingly harmless quota check may not realize the skill inspects process arguments and accesses locally exposed account data, which increases the risk of inappropriate data access or misuse in shared or managed environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script extracts a CSRF token from another running process and immediately uses it to make authenticated requests to a localhost service, without an explicit user warning or consent flow. This is effectively credential reuse/impersonation of the local client session, and if adapted or abused it could grant access to sensitive local service operations well beyond quota inspection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.