Antigravity Balance

v1.0.0

Check Google Antigravity AI model quota/token balance. Use when a user asks about their Antigravity usage, remaining tokens, model limits, quota status, or rate limits. Works by detecting the local Antigravity language server process and querying its API.

⭐ 2· 2.7k·7 current·7 all-time

by@finderstrategy-cyber

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (check local Antigravity quota) align with what is implemented: the script searches for a language_server process, extracts --extension_server_port and --csrf_token, scans local ports, and queries a local HTTPS endpoint to get user status. All requested actions are relevant to the stated purpose.

✓

Instruction Scope

SKILL.md and the script limit actions to detecting a local process (ps / PowerShell) and making HTTPS requests to 127.0.0.1. There are no instructions to read unrelated files, call remote APIs, or exfiltrate data. The script does parse process command lines to extract the CSRF token — this is necessary for the local API query but is the most sensitive operation it performs.

✓

Install Mechanism

There is no install spec (instruction-only with an included node script). No external archives or third-party packages are downloaded during install. The only runtime dependency is Node.js, which is declared in SKILL.md.

ℹ

Credentials

The skill requests no environment variables or external credentials. It does read the system process list and parses command-line arguments to extract a CSRF token from the Antigravity process — this is proportional to querying the local service, but it is sensitive because process command lines can contain secrets. This access is justified by the skill's purpose but worth highlighting to users.

✓

Persistence & Privilege

No persistent installation or 'always' privilege is requested. The skill does not modify other skills or system-wide agent settings. The agent can invoke it normally (default), which is expected.

Assessment

This skill appears coherent and does what it claims: it searches your process list, extracts the Antigravity server port and CSRF token from the process command line, then queries a localhost HTTPS endpoint to show quota. That behavior is necessary for the stated purpose but is sensitive because it reads tokens from process command lines. Before installing or running: (1) review the included script (scripts/agquota.js) yourself — the full source is present; (2) only run it on machines you trust (don't run on shared CI runners or untrusted hosts); (3) note it executes ps on Unix or a PowerShell query on Windows; (4) it only communicates with 127.0.0.1 (no remote exfiltration in the code), and it has no external install steps. If you are uncomfortable with a tool that extracts tokens from process args, do not install or run it.

Like a lobster shell, security has layers — review code before you run it.

latestvk976k5syvby17r3sfvx0jcwee9802vdd

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Antigravity Balance

License

Comments