antigravity-bridge

v1.0.2 suspicious
8.0
High Risk

Lightweight MCP server bridging Claude Code to Antigravity AI via official CLI

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple high-risk behaviors, including accessing sensitive system files and signs of a potentially malicious repository setup. These factors strongly suggest the possibility of a supply-chain attack.

  • Access to '/etc/passwd' file
  • Rapid commits from a single maintainer
Per-check LLM notes
  • Network: No network calls were detected, which is generally low risk.
  • Shell: Detection of shell execution attempts may indicate potential for executing arbitrary commands, suggesting higher risk.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code attempts to access '/etc/passwd', which is suspicious and likely indicates an attempt to harvest credentials or sensitive information.
  • Metadata: Suspiciously new repository with rapid commits and a single package maintainer, indicating potential malicious intent.

📦 Package Quality Overall: Medium (5.0/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • 4 test file(s) detected (e.g. test_cli.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9191 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 11 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 6 commits in FojleRabbiRabib/Antigravity-Bridge
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • r]: try: result = subprocess.run( cmd, cwd=directory, cap
Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • mmand_prompt(str(tmp_path), ["/etc/passwd"]) assert "Skipped file outside working directory" in "
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • All 6 commits happened within 24 hours
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Fojle Rabbi Rabib" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with antigravity-bridge 
Create a novel mini-application called 'GravitySync' that leverages the 'antigravity-bridge' package to bridge communication between Claude Code and Antigravity AI through their respective official CLIs. GravitySync should allow users to send queries or commands to either AI system and receive responses seamlessly. The application should include the following core functionalities:

1. User Interface: Develop a simple yet intuitive command-line interface (CLI) that allows users to input queries or commands.
2. Configuration Management: Users should be able to configure which AI system (Claude Code or Antigravity AI) to communicate with. This configuration should be saved persistently across sessions.
3. Real-time Communication: Implement real-time interaction where users can see responses from the selected AI system as soon as they are processed.
4. Error Handling: Gracefully handle any errors that occur during the communication process and provide meaningful feedback to the user.
5. Logging: Maintain a log of all interactions for auditing purposes.
6. Multi-language Support: Allow users to specify the language in which they want their query to be processed and responded to.
7. Advanced Features: Consider adding advanced features such as saving frequently asked questions (FAQs), allowing users to switch between AI systems mid-session, or even integrating a basic natural language processing (NLP) feature to interpret user inputs more intelligently.

The 'antigravity-bridge' package will be utilized to establish and manage the connection between the two AI systems, facilitating seamless communication. It should be integrated into the application in a way that abstracts away the complexities of interacting directly with each AI system's CLI, thereby focusing on providing a smooth user experience.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!