suspicious.env_credential_access
- Location: check-quota.js:45
- Finding: Environment variable access combined with network send.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.env_credential_access
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill authenticates to the Antigravity/Google service on behalf of every configured Antigravity account, not a selected one, and reveals each account's identifiers and quota status.
The script reads the stored Clawdbot Antigravity auth profiles and exchanges each account's refresh token for an access token. A refresh token is a long-lived credential that can mint new access tokens, so this is high-impact account authority, and it is under-declared by the registry metadata, which lists no primary credential and no required config path.
Auth profiles at ~/.clawdbot/agents/main/agent/auth-profiles.json ... refresh: value.refresh ... const accessToken = await refreshToken(account.refresh);
Use only if you trust the skill source and expect it to read Clawdbot auth profiles. The publisher should declare the auth profile path and credential use explicitly, and ideally provide account selection or clearer consent boundaries.
Account refresh tokens are exchanged with Google's OAuth endpoint, and project IDs are sent to the Cloud Code quota endpoint to retrieve model availability.
The script makes direct provider API calls using OAuth tokens. This is expected for quota checking and appears bounded to the token and quota/model endpoints, but users should know that network calls carrying account credentials are part of normal operation.
const TOKEN_URL = "https://oauth2.googleapis.com/token"; const ENDPOINT = "https://cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels";
Verify that these two hosts are the Antigravity/Google endpoints you expect for your environment before running the script; any other outbound destination would be outside the behavior described here.
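The two points above (a credential read paired with a network send, and checking that the outbound hosts are the expected ones) can be checked mechanically before running a skill. The following is an added example, not ClawScan's scanner and not code from the audited skill: a small regex-based static check that flags credential reads (process.env, the Clawdbot auth-profiles file, refresh-token use) that co-occur with network calls, extracts string-literal URLs, and reports any host that is not on a reviewer-supplied allowlist. The allowlist (EXPECTED_HOSTS) and the sample source (SAMPLE) are constructed for the example; the sample is modelled on the evidence quoted in this report but is not the skill's actual code.

```javascript
// Added example: heuristic static check for "credential read + network send"
// and for outbound hosts outside an allowlist. Not ClawScan's own scanner.

const CREDENTIAL_READ_PATTERNS = [
  { name: "process.env access", re: /\bprocess\.env\b/g },
  { name: "Clawdbot auth-profiles read", re: /auth-profiles\.json/g },
  { name: "refresh token use", re: /\brefresh(?:Token)?\b/g },
];

const NETWORK_SEND_PATTERNS = [
  { name: "fetch()", re: /\bfetch\s*\(/g },
  { name: "http(s).request()", re: /\bhttps?\.request\s*\(/g },
  { name: "axios", re: /\baxios\s*[.(]/g },
];

// Quoted http(s) URL literals in the source.
const URL_LITERAL = /["'`](https?:\/\/[^"'`\s]+)["'`]/g;

// Hosts a reviewer expects this skill to contact (assumption for the example).
const EXPECTED_HOSTS = ["oauth2.googleapis.com", "cloudcode-pa.googleapis.com"];

// 1-based line number of a character offset in src.
function lineOf(src, offset) {
  return src.slice(0, offset).split("\n").length;
}

// Run every pattern over src and collect {name, line} hits.
function findAll(src, patterns) {
  const hits = [];
  for (const { name, re } of patterns) {
    re.lastIndex = 0; // global regexes keep state between calls
    let m;
    while ((m = re.exec(src)) !== null) {
      hits.push({ name, line: lineOf(src, m.index) });
    }
  }
  return hits;
}

// Scan one JavaScript source string. Returns raw hits plus derived findings.
function scanSource(src, allowedHosts) {
  const credentialReads = findAll(src, CREDENTIAL_READ_PATTERNS);
  const networkSends = findAll(src, NETWORK_SEND_PATTERNS);

  const hosts = new Set();
  URL_LITERAL.lastIndex = 0;
  let m;
  while ((m = URL_LITERAL.exec(src)) !== null) {
    try { hosts.add(new URL(m[1]).hostname); } catch { /* not a parseable URL */ }
  }
  const unexpectedHosts = [...hosts].filter((h) => !allowedHosts.includes(h));

  const findings = [];
  if (credentialReads.length > 0 && networkSends.length > 0) {
    findings.push({
      id: "suspicious.env_credential_access",
      detail: `credential read at line ${credentialReads[0].line}, network send at line ${networkSends[0].line}`,
    });
  }
  if (unexpectedHosts.length > 0) {
    findings.push({ id: "unexpected.outbound_host", detail: unexpectedHosts.join(", ") });
  }
  return { credentialReads, networkSends, hosts: [...hosts], unexpectedHosts, findings };
}

// Constructed sample input shaped like the evidence quoted in the report.
const SAMPLE = `const fs = require("fs");
const TOKEN_URL = "https://oauth2.googleapis.com/token";
const ENDPOINT = "https://cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels";
const profilesPath = process.env.HOME + "/.clawdbot/agents/main/agent/auth-profiles.json";
const profiles = JSON.parse(fs.readFileSync(profilesPath, "utf8"));
for (const account of Object.values(profiles)) {
  const resp = await fetch(TOKEN_URL, { method: "POST", body: JSON.stringify({ refresh_token: account.refresh }) });
}
`;

console.log(JSON.stringify(scanSource(SAMPLE, EXPECTED_HOSTS), null, 2));
```

Run it with node; with both Google hosts on the allowlist the only finding is the credential-read-plus-network-send pairing, and removing a host from EXPECTED_HOSTS makes it surface under unexpected.outbound_host. The check is intentionally coarse (regexes over raw text, no data-flow analysis), which is also why a signal like this is informational and why the reviewer still has to read the code around the reported lines.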
Following the optional command installs whatever version of that repository is tagged latest at install time, so what you install may differ from what was reviewed.
The tablesnap install is optional and related to image rendering, but it fetches an unpinned latest version from an external repository.
go install github.com/joargp/tablesnap/cmd/tablesnap@latest
Skip the optional dependency unless you need image rendering; otherwise review the tablesnap source and install a specific tagged version or commit (replace @latest with @<version-or-commit>) rather than an unpinned latest.