[runtime-threat-scan] Suspicious undocumented binary installer: setup/sh/install_antigravity_cli.sh #129

Description

@github-actions

Verdict: 🚨 THREAT

Confidence: High

Summary

The file setup/sh/install_antigravity_cli.sh is a credible supply chain threat indicator. It downloads and installs an undocumented third-party binary from a Google Cloud Storage public bucket onto GitHub Actions runner environments.

Key Indicators

Signal: Detail

Origin: Introduced via PR merge commit 9549ceca — not traceable to the main branch history
Isolation: The word "antigravity" appears only in this single file across the entire repository
No documentation: Not referenced in README, action.yml, any workflow .md, or any other file
Not integrated: Not called from setup.sh or any existing workflow — orphaned file
External binary: Downloads from storage.googleapis.com/antigravity-public/ — not a GitHub-hosted or well-known vendor resource
Privileged install: Uses sudo install -m 755 to place the binary in /usr/local/bin/agy on the runner
Checksum bypass: Falls back silently to no-verify when checksums.txt returns HTTP 404 — version strings can be crafted to trigger this

Attack Pattern

This matches the "sleeper payload" supply chain pattern:

  1. A script is quietly introduced into a shared action repository
  2. It sits dormant and undocumented so it bypasses review
  3. A later commit or workflow references it, triggering installation of an attacker-controlled binary on every runner that uses the shared action

The GCS public bucket (antigravity-public) is owned by an unknown party — the bucket name and binary name "antigravity" do not correspond to any known legitimate tool in the gh-aw ecosystem.

Recommended Actions

  • Remove setup/sh/install_antigravity_cli.sh immediately
  • Audit PR chore: sync actions from gh-aw@v0.77.5 #128 / merge commit 9549ceca — determine who authored it and whether other files were introduced
  • Scan runner environments that have consumed this action version for the presence of /usr/local/bin/agy
  • Review all other files introduced in the same PR/commit for additional payloads
  • Rotate any secrets or tokens that may have been accessible to workflows using this action version

Generated by Daily Runtime Threat Scan for issue #128
