Finding
Focus area: setup/
Affected file: setup/sh/install_antigravity_cli.sh
Threat level: medium
Fingerprint: setup/sh/install_antigravity_cli.sh:checksum-skip-on-404
Description
install_antigravity_cli.sh downloads the Antigravity CLI binary from a public Google Cloud Storage bucket (storage.googleapis.com/antigravity-public/) and installs it as /usr/local/bin/agy with sudo install -m 755. Checksum verification is implemented, but it is silently skipped when the checksums.txt file returns HTTP 404 (lines 86–89):
```bash
if [ "${CHECKSUMS_DOWNLOAD_STATUS}" = "404" ]; then
  echo "WARNING: checksums.txt not found for version ${VERSION}; skipping checksum verification."
  rm -f "${TEMP_DIR}/checksums.txt"
  VERIFY_CHECKSUM=false
fi
```
The VERSION argument is caller-supplied (line 23). Any version string that lacks a corresponding checksums.txt in the GCS bucket — whether due to a pre-release version, a typo, a missing artifact upload, or a GCS path manipulation — results in privileged binary installation with no cryptographic integrity guarantee.
Why this does not fit setup/install behavior
Other installer scripts in the same directory (install_copilot_cli.sh, install_awf_binary.sh) treat a missing checksum file as a hard failure, not a silent bypass. The inconsistency means a single code path in this script accepts unverified binaries at root-equivalent privilege while the rest of the install surface enforces integrity.
Evidence of persistence
This finding was raised in four prior issues (#129, #134, #141, #151), all subsequently closed. The code has not changed between those scans and this one; the VERIFY_CHECKSUM=false path on 404 remains in the current commit.
LLM-as-judge verdicts (this run)
| Judge | Model | Verdict |
|---|---|---|
| judge-1 | claude-sonnet-4.6 | clean (noted as hygiene gap, not active threat) |
| judge-2 | claude-haiku-4-5 | threat |
| judge-3 | claude-haiku-4-5 | threat |
Consensus: 2/3 judges independently flagged as credible threat → escalation threshold met.
Suggested remediation
- Hard-fail on missing checksums.txt, mirroring the behavior of install_copilot_cli.sh and install_awf_binary.sh:

```bash
if [ "${CHECKSUMS_DOWNLOAD_STATUS}" = "404" ]; then
  echo "ERROR: checksums.txt not found for version ${VERSION}. Cannot install without integrity verification."
  exit 1
fi
```
- Ensure every published Antigravity CLI version includes a
checksums.txt in the GCS bucket before callers can reference it.
- Alternatively, migrate the Antigravity CLI distribution to GitHub Releases (same pattern as the other installers) where artifact availability and integrity are easier to enforce.
Generated by Daily Runtime Threat Scan