Security audit

Antigravity Image Gen

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is mostly transparent about using local Google Antigravity credentials, but it has enough sensitive and under-scoped behavior that users should review it before installing.

Install only if you trust the publisher and intend to use your local Google Antigravity OAuth profile for authenticated calls to an internal Google sandbox endpoint. Review the auth profile path and project ID before running, and avoid broad auto-invocation or output paths that could overwrite important files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill metadata declares required config and binaries but does not explicitly declare permissions, while the description states it reads local OAuth tokens from auth profiles to authenticate against an internal API. That creates a real least-privilege and transparency issue: the skill can access sensitive local credential material without an explicit permission declaration, making review, sandboxing, and user consent weaker.

Context-Inappropriate Capability

Medium

Confidence: 86% confidence
Finding: The script reads credentials from a local auth profile selected partly by an environment variable, which expands its ability to access sensitive local data beyond simple image generation. In this skill context, credential access is central to the implementation, but doing so from a generic on-disk profile without clear scoping, validation, or user consent increases the risk of unauthorized token use or abuse of alternate credential paths.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation phrases 'User asks to generate an image' and 'User wants to create visual content' are broad and likely to match many ordinary conversations, causing the skill to trigger unexpectedly. In this case, unexpected invocation is more concerning because the skill uses local OAuth-backed access to an internal Google API, so accidental activation could lead to unnecessary credential use or unintended requests.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script silently loads a local access token and transmits it in an outbound request without any explicit user-facing disclosure or confirmation. In an agent skill, this is more dangerous because users may invoke image generation without realizing the skill consumes local credentials and sends prompt data plus authentication material to a remote internal API.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.