antigravity-quota

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file check-quota.js contains a hardcoded Google OAuth client secret and client ID, both encoded in Base64. Evidence: CLIENT_SECRET (decodes to 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).
  • [DATA_EXFILTRATION]: The script implements a read-and-transmit pattern where it accesses sensitive local configuration files (~/.clawdbot/agents/main/agent/auth-profiles.json) containing account refresh tokens and sends them to external Google endpoints to facilitate authentication and quota checks.
  • [COMMAND_EXECUTION]: The skill requires the execution of a Node.js script that performs sensitive file system operations on local paths and makes network requests.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of an external utility tablesnap from a public GitHub repository using the Go package manager.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 12:25 AM