Trust Assessment
antigravity-rotator received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 20 findings: 17 critical, 1 high, 1 medium, and 1 low severity. Key findings include network egress to untrusted endpoints, arbitrary command execution, and a missing Node lockfile.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (20)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints**: HTTP request to raw IP address. Remediation: Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/chocomintx/antigravity-rotator/scripts/dashboard.js:374 |
| CRITICAL | **Arbitrary command execution**: Python dynamic code execution (exec/eval/compile). Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/dashboard.js:404 |
| CRITICAL | **Arbitrary command execution**: Node.js child_process require. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/index.js:37 |
| CRITICAL | **Arbitrary command execution**: Node.js child_process require. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/dashboard.js:4 |
| CRITICAL | **Arbitrary command execution**: Node.js child_process require. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:3 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/index.js:39 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/dashboard.js:22 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/dashboard.js:100 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:33 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:57 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:71 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:107 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:201 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:204 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:234 |
| CRITICAL | **Arbitrary command execution**: Node.js synchronous shell execution. Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chocomintx/antigravity-rotator/scripts/rotator.js:235 |
| CRITICAL | **Arbitrary command execution via `openclawBin` configuration**: The `config.json` file allows specifying the absolute path to the `openclaw` binary via the `openclawBin` parameter. This parameter is directly used in `child_process.execSync` calls across `index.js`, `scripts/dashboard.js`, and `scripts/rotator.js`. If an attacker can modify `config.json` (e.g., by gaining file system access or through another vulnerability), they can set `openclawBin` to an arbitrary shell command or script, leading to critical command injection. Although the `setup` action attempts to set this safely, manual modification or a compromised `config.json` poses a significant risk. Remediation: 1. **Input Validation**: Strictly validate the `openclawBin` path in `config.json` to ensure it points to a legitimate executable and does not contain shell metacharacters. 2. **Least Privilege**: If possible, avoid direct shell execution for `openclaw` calls. Use a dedicated `openclaw` SDK or API if available, or ensure all arguments are properly escaped using a library like `shell-quote` or `shlex` before passing them to `execSync`. 3. **Restrict `config.json` access**: Ensure `config.json` has appropriate file system permissions to prevent unauthorized modification. | LLM | scripts/rotator.js:130 |
| HIGH | **Potential command injection in `curl` arguments**: The `refreshAccessToken` and `fetchAccountQuota` functions in `scripts/rotator.js` construct `curl` commands using string concatenation, incorporating `refreshToken`, `accessToken`, `CLIENT_ID`, `CLIENT_SECRET`, and `projectId`. While some values are enclosed in double quotes, if any of these variables (especially `refreshToken` or `accessToken`, which come from external sources like `authProfiles` or API responses) contain shell metacharacters (e.g., backticks, `$()`, `$(command)`, `;"`, etc.) that are not properly escaped, it could lead to arbitrary command execution. `projectId` from `config.json` is also a potential vector. Remediation: 1. **Use dedicated HTTP client**: Instead of `child_process.execSync` with `curl`, use Node.js's built-in `http` or `https` modules, or a secure third-party HTTP client library (e.g., `axios`, `node-fetch`). This avoids shell execution entirely for network requests. 2. **Proper Shell Escaping**: If `curl` must be used, ensure all dynamic arguments are rigorously escaped using a robust shell escaping library (e.g., `shell-quote` or `shlex`) to neutralize any metacharacters before constructing the command string. | LLM | scripts/rotator.js:80 |
| MEDIUM | **Hardcoded and configurable OAuth credentials**: The `CLIENT_ID` and `CLIENT_SECRET` for Google OAuth are hardcoded within `scripts/rotator.js` and can also be configured in `config.json`. While used for legitimate OAuth flows, hardcoding credentials is generally discouraged. Their use in `execSync` calls with `curl` means they are passed as command-line arguments, which can be visible in process lists (`ps aux`) or shell history, making them vulnerable to exposure if the system is compromised or if logging is not secure. Remediation: 1. **Environment Variables**: Store sensitive credentials like `CLIENT_SECRET` in environment variables or a secure secrets management system, rather than hardcoding them or storing them in configuration files directly accessible on disk. 2. **Avoid Command-Line Exposure**: When using `curl` or similar tools, pass sensitive data like `CLIENT_SECRET` via request body or environment variables that are not logged, rather than directly in the command string. Better yet, use a dedicated HTTP client library as suggested for command injection. | LLM | scripts/rotator.js:31 |
| LOW | **Node lockfile missing**: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Remediation: Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/chocomintx/antigravity-rotator/package.json |
Powered by SkillShield