ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Antigravity Image Gen

Generate images using the internal Google Antigravity API (Gemini 3 Pro Image). High quality, native generation without browser automation.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 132 · 0 current installs · 0 all-time installs
by@sunshine-del-ux
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code and SKILL.md: the skill reads an OpenClaw auth-profiles.json entry named like 'google-antigravity' and calls an internal Google image endpoint. However, the script falls back to a hard-coded project ID (junoai-465910) if the profile lacks a projectId, which is unexpected for a client-side tool and could route requests/billing or telemetry to a third-party project.
Instruction Scope
SKILL.md explicitly instructs reading local OAuth tokens and running the provided Node script; the script only reads the declared auth-profiles path and writes an image file. This behavior is within the stated scope, but reading OAuth tokens is sensitive and the documentation accepts that the skill will access them.
Install Mechanism
No install spec; instruction-only with a single Node script. Requires Node on PATH. No remote downloads or archive extraction are performed by the skill itself.
!
Credentials
The skill requests access to the local auth-profiles JSON (auth.profiles), which is proportionate to authenticating to an internal API but is sensitive (contains OAuth tokens). The unexpected hard-coded fallback project ID is a clear red flag: it may cause requests to be associated with another project's billing/telemetry. The skill does not request unrelated secrets or environment variables, but access to auth-profiles gives it a high-value credential.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills, and relies on manual invocation. It does not request elevated or persistent agent privileges.
What to consider before installing
This skill is coherent with its stated purpose but handles sensitive OAuth tokens and contains an unexpected hard-coded project ID. Before installing or running it: (1) Inspect scripts/generate.js yourself (or have a trusted reviewer) to verify there are no hidden network destinations and to remove or change the fallback project ID; (2) Confirm the endpoint (daily-cloudcode-pa.sandbox.googleapis.com) and that you trust using an internal Google 'Antigravity' API; (3) Use a dedicated, limited-scope OAuth profile (not your main Google account) and consider revoking the token after use; (4) Run the script in a sandboxed environment first and monitor network/billing; (5) If you cannot validate the source or the project ID, do not provide production credentials or sensitive accounts. If you want, I can suggest specific code edits to remove the fallback project ID and limit what profile data is read.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97bsdwf1b619j1ydkpa3w075d82yx7f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
Binsnode
Configauth.profiles

SKILL.md

Antigravity Image Generation

Generate high-quality images using the internal Google Antigravity API (Gemini 3 Pro Image). This skill bypasses the need for browser automation by using the daily-cloudcode-pa.sandbox endpoint directly with your OAuth credentials.

Prerequisites

  • Google Antigravity OAuth Profile: Must be present in your OpenClaw auth-profiles.json.
  • Node.js: Available in the environment.
  • Security Note: This skill reads local OAuth tokens from your profile to authenticate with Google's API. This is expected behavior for internal tool use.

Usage

Direct Script Execution

/home/ubuntu/clawd/skills/antigravity-image-gen/scripts/generate.js \
  --prompt "A futuristic city on Mars" \
  --output "/tmp/mars.png" \
  --aspect-ratio "16:9"

Arguments

  • --prompt (Required): The description of the image.
  • --output (Optional): Path to save the image (default: /tmp/antigravity_<ts>.png).
  • --aspect-ratio (Optional): 1:1 (default), 16:9, 9:16, 4:3, 3:4.

Output

  • The script writes the image to the specified path.
  • It prints MEDIA: <path> to stdout, which allows Clawdbot to automatically detect and display the image.

Troubleshooting

  • 429 Resource Exhausted: Quota limit reached. Wait or check your project limits.
  • No image data found: The model might have refused the prompt (safety) or the API structure changed. Check the "Model message" output.
  • Auth Error: Ensure you have logged in via google-antigravity provider.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…