registry  /  antigravity-booster  /  0.4.1

antigravity-booster@0.4.1

ADLC-shaped parallel orchestration for Google Antigravity (agy CLI): quota-pool-aware scheduling, worktree fleets, cross-model prosecution, deterministic gates

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is established. An explicit `agb bootstrap` mutates the user's Antigravity skill/plugin surface by installing package-aligned skills and an ADLC plugin.

Static reason
No blocking static signals were detected.
Trigger
User runs `agb bootstrap`, `agb install`, or an alias.
Impact
Adds a release-oriented agent skill and installs an aligned Antigravity plugin; later agent invocation can perform user-authorized repository and publishing actions.
Mechanism
Explicit AI-agent skill and plugin installation.
Rationale
Source inspection found an explicit agent-extension setup path but no concrete malicious chain. This warrants a warning for agent extension lifecycle risk rather than a publication block.
Evidence
package.jsonbin/agb.mjslib/bootstrap.mjsskills/release/SKILL.mdlib/agy.mjs~/.gemini/skills/release

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/agb.mjs` exposes explicit `bootstrap`/`install` commands.
  • `lib/bootstrap.mjs` copies or symlinks package skills into `~/.gemini/skills`.
  • `lib/bootstrap.mjs` invokes `agy plugin install` for the aligned `@adlc/antigravity` plugin.
  • `skills/release/SKILL.md` instructs an agent to run release, git, GitHub, and npm-publish workflow commands when invoked.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Bootstrap is reachable only through an explicit CLI command, not package installation or import.
  • No source uses direct HTTP clients, `fetch`, credential harvesting, or outbound exfiltration.
  • `lib/agy.mjs` launches the user-selected `agy` CLI and stores transcripts owner-only when logging.
  • No hidden executable payloads or native binaries were present in the inspected package files.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 19 file(s), 175 KB of source, external domains: antigravity.google

Source & flagged code

4 flagged · loading source
bin/agb.mjsView file
Published source reference
Medium
Ai Review Evidence

`bin/agb.mjs` exposes explicit `bootstrap`/`install` commands.

bin/agb.mjsView on unpkg
lib/bootstrap.mjsView file
Published source reference
Medium
Ai Review Evidence

`lib/bootstrap.mjs` copies or symlinks package skills into `~/.gemini/skills`.

lib/bootstrap.mjsView on unpkg
Published source reference
Medium
Ai Review Evidence

`lib/bootstrap.mjs` invokes `agy plugin install` for the aligned `@adlc/antigravity` plugin.

lib/bootstrap.mjsView on unpkg
skills/release/SKILL.mdView file
Published source reference
Medium
Ai Review Evidence

`skills/release/SKILL.md` instructs an agent to run release, git, GitHub, and npm-publish workflow commands when invoked.

skills/release/SKILL.mdView on unpkg

Findings

5 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencebin/agb.mjs
MediumAi Review Evidencelib/bootstrap.mjs
MediumAi Review Evidencelib/bootstrap.mjs
MediumAi Review Evidenceskills/release/SKILL.md
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings