
[runtime-threat-scan] setup/sh/install_antigravity_cli.sh: SHA256 checksum silently bypassed on HTTP 404 (supply-chain risk) #162

@github-actions

Finding

Focus area: setup/
Affected file: setup/sh/install_antigravity_cli.sh
Threat level: medium
Fingerprint: setup/sh/install_antigravity_cli.sh:checksum-skip-on-404


Description

install_antigravity_cli.sh downloads the Antigravity CLI binary from a public Google Cloud Storage bucket (storage.googleapis.com/antigravity-public/) and installs it as /usr/local/bin/agy with sudo install -m 755. Checksum verification is implemented, but it is silently disabled whenever the fetch of checksums.txt returns HTTP 404 (lines 86–89 of the script):

if [ "${CHECKSUMS_DOWNLOAD_STATUS}" = "404" ]; then
  echo "WARNING: checksums.txt not found for version ${VERSION}; skipping checksum verification."
  rm -f "${TEMP_DIR}/checksums.txt"
  VERIFY_CHECKSUM=false
fi

The VERSION argument is caller-supplied (line 23) and selects which checksums.txt is fetched. Any version string that has no corresponding checksums.txt in the GCS bucket, whether because of a pre-release version, a typo, a missing artifact upload, or a manipulated GCS object path, therefore ends in a privileged install of a binary whose integrity was never checked. The script still reports success in that case; only a WARNING line distinguishes it from a verified install.

Why this does not fit setup/install behavior

Other installer scripts in the same directory (install_copilot_cli.sh, install_awf_binary.sh) treat a missing checksum file as a hard failure, not a silent bypass. The inconsistency means a single code path in this script accepts unverified binaries at root-equivalent privilege while the rest of the install surface enforces integrity.

Evidence of persistence

This finding was raised in four prior issues (#129, #134, #141, #151), all subsequently closed. The code has not changed between those scans and this one; the VERIFY_CHECKSUM=false path on 404 remains in the current commit.

LLM-as-judge verdicts (this run)

| Judge   | Model             | Verdict                                          |
|---------|-------------------|--------------------------------------------------|
| judge-1 | claude-sonnet-4.6 | clean (noted as hygiene gap, not active threat)  |
| judge-2 | claude-haiku-4-5  | threat                                           |
| judge-3 | claude-haiku-4-5  | threat                                           |

Consensus: 2/3 judges independently flagged as credible threat → escalation threshold met.

Suggested remediation

  1. Hard-fail on a missing checksums.txt, mirroring the behavior of install_copilot_cli.sh and install_awf_binary.sh:

     if [ "${CHECKSUMS_DOWNLOAD_STATUS}" = "404" ]; then
       echo "ERROR: checksums.txt not found for version ${VERSION}. Cannot install without integrity verification."
       exit 1
     fi

  2. Ensure every published Antigravity CLI version includes a checksums.txt in the GCS bucket before callers can reference it.
  3. Alternatively, migrate the Antigravity CLI distribution to GitHub Releases (the same pattern as the other installers), where artifact availability and integrity are easier to enforce.
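As an added example (not code from the repository or from install_antigravity_cli.sh itself), the POSIX shell below places the vulnerable 404 branch quoted in the finding next to the hard-failing verifier from remediation step 1, and exercises both offline. The network fetch and the sudo install are replaced by a status-code argument and a return value; the fixture files (a genuine and a tampered `agy`, plus a checksums.txt generated from the genuine one), the function names and the `<sha256>  <filename>` line format (as sha256sum emits) are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not the project's installer. Function names, fixtures and
# checksums.txt layout are assumptions; HTTP status is passed in as an argument.

sha256_of() {
  # Portable SHA-256: GNU coreutils sha256sum where present, else shasum.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Mirrors the vulnerable control flow: a 404 on checksums.txt flips a flag that
# disables verification, so the binary is accepted without any hash comparison.
# Returns 0 (meaning "go ahead and install") whenever verification is skipped.
verify_lenient() {
  status="$1"; checksums="$2"; binary="$3"
  verify=true
  if [ "$status" = "404" ]; then
    echo "WARNING: checksums.txt not found; skipping checksum verification." >&2
    verify=false
  fi
  if [ "$verify" = true ]; then
    expected=$(awk -v f="$(basename "$binary")" '$2 == f {print $1}' "$checksums")
    [ -n "$expected" ] && [ "$expected" = "$(sha256_of "$binary")" ] || return 1
  fi
  return 0
}

# Hardened form: any non-200 status, a missing entry for the file, or a hash
# mismatch is fatal, so the caller can never reach the install step unverified.
verify_strict() {
  status="$1"; checksums="$2"; binary="$3"
  name=$(basename "$binary")
  if [ "$status" != "200" ]; then
    echo "ERROR: checksums.txt fetch returned HTTP $status; refusing to install without integrity verification." >&2
    return 1
  fi
  expected=$(awk -v f="$name" '$2 == f {print $1}' "$checksums" 2>/dev/null)
  if [ -z "$expected" ]; then
    echo "ERROR: no checksum entry for $name in checksums.txt." >&2
    return 1
  fi
  actual=$(sha256_of "$binary")
  if [ "$actual" != "$expected" ]; then
    echo "ERROR: checksum mismatch for $name: expected $expected, got $actual." >&2
    return 1
  fi
  return 0
}

# Constructed fixtures: a genuine binary with a matching checksums.txt, and a
# tampered binary of the same name in a sibling directory. Prints the directory.
setup_fixtures() {
  dir=$(mktemp -d)
  mkdir "$dir/tampered"
  printf 'genuine cli\n' > "$dir/agy"
  printf 'trojaned cli\n' > "$dir/tampered/agy"
  printf '%s  agy\n' "$(sha256_of "$dir/agy")" > "$dir/checksums.txt"
  echo "$dir"
}

# Stand-alone run: show the two verifiers disagreeing on the 404 case.
FIXTURES=$(setup_fixtures)
echo "genuine binary, checksums.txt served (200):"
if verify_strict 200 "$FIXTURES/checksums.txt" "$FIXTURES/agy"; then echo "  strict:  install"; else echo "  strict:  refuse"; fi
echo "tampered binary, checksums.txt missing (404):"
if verify_lenient 404 "$FIXTURES/checksums.txt" "$FIXTURES/tampered/agy"; then echo "  lenient: install (unverified)"; else echo "  lenient: refuse"; fi
if verify_strict 404 "$FIXTURES/checksums.txt" "$FIXTURES/tampered/agy"; then echo "  strict:  install"; else echo "  strict:  refuse"; fi
rm -rf "$FIXTURES"
```

Running the file prints the lenient verifier accepting the tampered binary under a 404 while the strict one refuses. Two design points are worth carrying into the real script: the strict form treats every non-200 status as fatal rather than special-casing 404, so a 403 from the bucket or a transient 5xx also cannot degrade into an unverified install, and it fails closed on a checksums.txt that exists but has no line for the file being installed.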

Generated by Daily Runtime Threat Scan · 824.6 AIC · ⊞ 36.4K
