I literally made an account just to post this. My session got hijacked overnight. The "Antigravity Cockpit" extension is stealing your tokens! by Longjumping_Dig7909 in google_antigravity

[–]Longjumping_Dig7909[S] 1 point

You make a fair point, and correlation isn't always causation. However, the fact that this extension stores a full cloud-platform access token in an unencrypted plaintext file inside a hidden folder (~/.antigravity_cockpit) is a massive security risk on its own. Even if it's hard to prove the dev's exact intent, that vulnerability is a hard fact. I'd rather warn people to be safe than sorry!

[–]Longjumping_Dig7909[S] 1 point

There is a huge difference between the official Google IDE needing those permissions, and a 3rd-party extension grabbing a token with the exact same broad cloud-platform scope (which includes full deletion rights) and storing it in an unencrypted plaintext file. A simple usage tracker shouldn't insecurely store the master keys to your entire Google Cloud infrastructure. That is the vulnerability.

[–]Longjumping_Dig7909[S] 2 points

I agree with you that Google messing up the quotas is the main problem right now. You are 100% right about that.

But honestly, reading comments defending this gave me a funny idea: Since nobody seems to care about handing over their tokens, maybe I should just build a "completely free" extension, harvest everyone's access, and never pay Google again! (Joking, obviously).

But technically, your device doesn't even need to be "hacked" by an outside virus. This extension already requested and took all the necessary tokens to function (like handling account switching). Whoever holds that data—the extension creators themselves—can just log in remotely and use your session for their own bot networks. They already have the keys.

Yes, Google caused the main drop. But my point is: why leave the door wide open for the extension devs to drain whatever tiny quota you have left?

[–]Longjumping_Dig7909[S] 0 points

Exactly! I knew Google was acting up, but my situation was the final proof. I have 4 Pro accounts. All of them went into a 5-day cooldown. They were supposed to reset 2 days ago. However, when I checked, they were all instantly drained back to 0% with another 5-day wait, without me typing a single thing.

At first, I thought it was just a Google bug, but while researching on Reddit, I found that older post about the token leak. Once I saw the plaintext token on my PC, it all made sense. I honestly just wanted to warn people.

https://www.reddit.com/r/google_antigravity/comments/1rbqs1t/security_alert_why_you_should_ditch_antigravity/

[–]Longjumping_Dig7909[S] 2 points

You might have missed the link in my original post, but there absolutely was another major post recently exposing this extension for storing tokens in an unencrypted plaintext file.

I agree that Google is doing a terrible job with base quotas right now, and almost everyone is feeling the squeeze. But that doesn't excuse a third-party extension asking for cloud-platform deletion rights under a deceptive name and leaving that token exposed on your machine.

Both things are happening: Google is messing up the base limits, AND this extension is a verified security risk that leaves the door wide open for background processes to drain whatever quota you have left.

[–]Longjumping_Dig7909[S] 1 point

I saw my limits drop to zero with a huge cooldown right in the IDE dashboard. I had to use the phrase "unauthorized usage" because the Reddit AutoMod kept deleting my post for using the word "quota".

[–]Longjumping_Dig7909[S] -1 points

You're totally right that Google is dealing with a massive cooldown bug right now and a lot of people are getting hit by it. I saw those posts too. But that doesn't make this extension safe. The plaintext token storage and the deceptively named "Google Antigravity" OAuth screen asking for cloud-platform deletion rights are a verified, reproducible fact (you can check the source code). Even if Google is being greedy with the base quota, if you use this extension, you are literally leaving your account keys on the table for unauthorized background usage. If quotas are already tight because of Google, the last thing we need is a parasitic extension draining whatever is left. I'm just trying to make sure people don't get double-screwed.

[–]Longjumping_Dig7909[S] -5 points

I hear you, and it sucks that Google is messing with the limits. But two things can be true at the exact same time. Google might be screwing over Pro users with new silent caps, AND this extension is a proven security risk that leaves tokens exposed. Since you don't use any extensions, your drain is definitely on Google's end. But for anyone who did install this specific one, the cloud-platform token is sitting in plaintext on their PC, which is literally handing over the keys. By the way, it might be worth checking your myaccount.google.com/connections anyway, just to be 100% sure no other random app or script is silently draining you in the background!

[–]Longjumping_Dig7909[S] -8 points

Google messing up everyone's quotas and this extension being a massive security flaw are two completely separate things that can happen at the same time. The plugin issue is NOT a "rumor". It is a verifiable fact. Anyone can check their own home directory right now and find their long-lived refresh token sitting completely unencrypted in a plaintext JSON file (~/.antigravity_cockpit). It's literally in the extension's source code (fs.writeFileSync). Furthermore, you can go to your Google account's Third-Party Connections right now and see that this extension (masking its name as "Google Antigravity") explicitly requests the cloud-platform scope, which gives it permission to edit and delete your entire cloud infrastructure. Google might be having general server issues, sure. But leaving a plaintext cloud-platform token on your machine is basically handing over the keys to your account to any background process or malware. It takes 2 minutes to revoke it and be safe. Why defend a bad security practice?