Verdict: 🚨 THREAT
Confidence: High
Summary
The file setup/sh/install_antigravity_cli.sh is a credible supply chain threat indicator. It downloads and installs an undocumented third-party binary from a Google Cloud Storage public bucket onto GitHub Actions runner environments.
Key Indicators
| Signal | Detail |
| --- | --- |
| Origin | Introduced via PR merge commit 9549ceca — not traceable to the main branch history |
| Isolation | The word "antigravity" appears only in this single file across the entire repository |
| No documentation | Not referenced in README, action.yml, any workflow .md, or any other file |
| Not integrated | Not called from setup.sh or any existing workflow — orphaned file |
| External binary | Downloads from storage.googleapis.com/antigravity-public/ — not a GitHub-hosted or well-known vendor resource |
| Privileged install | Uses sudo install -m 755 to place binary in /usr/local/bin/agy on the runner |
| Checksum bypass | Falls back silently to no-verify when checksums.txt returns HTTP 404 — version strings can be crafted to trigger this |
Attack Pattern
This matches the "sleeper payload" supply chain pattern:
- A script is quietly introduced into a shared action repository
- It sits dormant and undocumented so it bypasses review
- A later commit or workflow references it, triggering installation of an attacker-controlled binary on every runner that uses the shared action
The GCS public bucket (antigravity-public) is owned by an unknown party — the bucket name and binary name "antigravity" do not correspond to any known legitimate tool in the gh-aw ecosystem.
Recommended Actions
- setup/sh/install_antigravity_cli.sh immediately
- 9549ceca — determine who authored it and whether other files were introduced
- /usr/local/bin/agy
Generated by Daily Runtime Threat Scan for issue #128