Comment by anon84873628
10 hours ago
Can you help me understand which of these happened?
1) Open Claw has a Google OAuth client id that users are signing in with. (This seems unlikely because why would Google have approved the client or not banned it)
2) Users are creating their own OAuth client id for signing themselves into Open Claw. (Again, why would these clients be able to use APIs Google doesn't want them to?)
3) Users are taking a token minted with the Antigravity client and using it in Open Claw to call "private" APIs.
Assuming it's #3, how is that physically accomplished? And then how does Google figure out it happened?
"how does Google figure out it happened" - no insider knowledge, but the calls Claw makes are very different than the regular IDE, so the calls and volume alone would be an indicator. Maybe Google has even updated their Antigravity IDEs to just include some other User Agent, that Claw auth does not have.
Everything just guesswork, but I don't think it is too hard to figure out whether it is Antigravity calling the APIs or any Claw.
its 3, openclaw author admitted it, you just point codex at an antigravity installation and ask it "figure out how to login like this thing"
and it starts decompiling javascript and extracting ids/secrets