Antigravity Quota
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill appears to check quotas as advertised, but it uses stored Antigravity login tokens for every configured account even though the registry says no credential or config path is required.
Review this skill before installing. It is purpose-aligned, but it will read ~/.clawdbot Antigravity auth profiles, refresh account tokens, contact Google/Cloud Code endpoints, and print account identifiers and quotas. Run it only if you trust the source and are comfortable with all configured Antigravity accounts being checked.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill lets it authenticate to the Antigravity/Google service for every configured Antigravity account and reveal account identifiers and quota status.
This shows the script reads stored Clawdbot Antigravity auth profiles and uses each account's refresh token to obtain access tokens. That is high-impact account authority and is under-declared by the registry metadata, which lists no primary credential or required config path.
Auth profiles at ~/.clawdbot/agents/main/agent/auth-profiles.json ... refresh: value.refresh ... const accessToken = await refreshToken(account.refresh);
Use only if you trust the skill source and expect it to read Clawdbot auth profiles. The publisher should declare the auth profile path and credential use explicitly, and ideally provide account selection or clearer consent boundaries.
Account refresh tokens are exchanged with Google's OAuth endpoint, and project IDs are sent to the Cloud Code quota endpoint to retrieve model availability.
The script makes direct provider API calls using OAuth tokens. This is expected for quota checking and appears bounded to the quota/model endpoint, but users should know network calls are part of normal operation.
const TOKEN_URL = "https://oauth2.googleapis.com/token"; const ENDPOINT = "https://cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels";
Verify that these endpoints are the expected Antigravity/Google endpoints for your environment before running the script.
If you follow the optional command, you may install whatever version is current at that repository at install time.
The tablesnap install is optional and related to image rendering, but it fetches an unpinned latest version from an external repository.
go install github.com/joargp/tablesnap/cmd/tablesnap@latest
Skip the optional dependency unless needed, or pin/review the tablesnap version before installing it.