Trust Assessment
antigravity-image received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Hardcoded Sensitive Credential Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Write via Unsanitized Filename The skill uses the user-provided `--filename` argument directly in the `open()` function to write the generated image. This allows an attacker to specify arbitrary file paths, including absolute paths or paths with traversal sequences (e.g., `../../`), leading to arbitrary file write vulnerabilities. An attacker could overwrite critical system files, create malicious executables in sensitive directories, or exfiltrate data by writing it to a publicly accessible location. Sanitize and validate the `filename` argument. Restrict file writing to a designated, sandboxed output directory. Use `os.path.join()` with a secure base directory and `os.path.basename()` on the user-provided filename to prevent path traversal attacks. For example: `output_path = os.path.join('/tmp/skill_output', os.path.basename(args.filename))`. | LLM | scripts/generate_image_antigravity.py:80 | |
| HIGH | Potential data exfiltration: file read + network send Function 'main' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/houzl3416/antigravity-image/scripts/generate_image_antigravity.py:79 | |
| HIGH | Hardcoded Sensitive Credential Path The skill directly accesses a hardcoded path '/root/.openclaw/agents/main/agent/auth-profiles.json' to retrieve OAuth tokens and project IDs. This grants the skill excessive permissions to a global credential store, making it a single point of failure if the skill is compromised. Credentials should be provided to skills via more secure, isolated mechanisms (e.g., environment variables, a dedicated secrets manager API) rather than direct filesystem access to a shared configuration file. Avoid hardcoding paths to sensitive credential files. Instead, pass necessary credentials or access tokens to the skill via secure environment variables, a dedicated secrets management service, or a restricted API that provides temporary, scoped access. Ensure the skill operates with the principle of least privilege. | LLM | scripts/generate_image_antigravity.py:9 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/houzl3416/antigravity-image/scripts/generate_image_antigravity.py:8 |
Scan History
Embed Code
[](https://skillshield.io/report/514b2601330cf670)
Powered by SkillShield