AntiGraviti tools parsed based on reverse engineering and ParseToolArgs structs found in the binary. We need strings, the juice is in the DATA block and not in the code.
I have used the following commands on my MacOS:
1. Extract strings to file for faster iterations
# strings /Applications/Antigravity.app/Contents/Resources/app/extensions/antigravity/bin/language_server_macos_arm > ~/Downloads/language_server_macos_arm_strings.txt
2. Search tools
| The kvcache_agent component in Modular Max Server uses unauthenticated PyZMQ TCP sockets together pickle for deserialization, | |
| which allows remote attackers to execute arbitary code with the priviliges of the modular server. | |
| As the KV Cache Agent is currently in development and experimental, this code has being temporarily replaced with MsgPack for deserialization. | |
| # References: | |
| # https://github.com/simveit/modular/blob/5deed08225bb167eb5da5fb92a3f3bc62da6101a/max/serve/queue/zmq_queue.py#L49 | |
| # https://github.com/modular/modular/commit/10620059fb5c47fb0c30e5d21a8ff3b8d622fba4#diff-0a431c9c2c12d683e9d99376724b7f0325cdfdadc181649f7a9c620e54d54d91R23-R223 |
| #!/bin/bash | |
| # Image generation tool using Hugging Face FLUX.1-schnell model | |
| # Usage: genimage [prompt] or just genimage for Black Forest default | |
| function genimage() { | |
| local prompt="${1:-}" | |
| local api_url="https://api-inference.huggingface.co/models/black-forest-labs/FLUX.1-schnell" | |
| local api_token="<your HuggingFace API Token here>" |
| # Check if the current org has S3 public buckets. | |
| for bucket in $(aws s3api list-buckets --query "Buckets[].Name" --output text); do | |
| echo "Checking bucket: $bucket" | |
| # Get the public access block | |
| pab=$(aws s3api get-bucket-policy-status --bucket "$bucket" 2>/dev/null) | |
| if echo "$pab" | grep -q '"IsPublic": true'; then | |
| echo "🚨 $bucket is PUBLIC" |
| [ | |
| { | |
| "file": "pyproject.toml", | |
| "fileType": "pyproject.toml", | |
| "oneLiner": "uv run --python '>=3.8.10' --with 'maturin,uv' python -c 'import uv; print(uv.__version__)'", | |
| "uvInstallFromSource": "uv run --with 'git+https://github.com/astral-sh/uv' --python '>=3.8.10' python", | |
| "dependencies": [ | |
| "maturin" | |
| ], | |
| "packageName": "uv", |
| [V1] | |
| You are a powerful agentic AI coding assistant, powered by [Claude 3.7 Sonnet]. You operate exclusively in Cursor, the world's best IDE. | |
| Your main goal is to follow the USER's instructions at each message. | |
| # Additional context | |
| Each time the USER sends a message, we may automatically attach some information about their current state, such as what files they have open, where their cursor is, recently viewed files, edit history in their session so far, linter errors, and more. | |
| Some information may be summarized or truncated. | |
| This information may or may not be relevant to the coding task, it is up for you to decide. |
| # Path and cmdline: | |
| # /usr/bin/entry/images/py_interpreter.runfiles/rules_python~0.31.0~python~python_3_10_x86_64-unknown-linux-gnu/bin/python3�/usr/bin/entry/images/py_interpreter.runfiles/_main/images/py_interpreter.py�--input�/tmp/sandbox_in�--output�/tmp/sandbox_out�--rpc_input�/tmp/sandbox_rpc_in�--rpc_output�/tmp/sandbox_rpc_out� | |
| """Executes Python code provided via a string input parameter. | |
| This method can accept any string of one or more lines of Python code that limit | |
| non-built-in module use to the dependencies defined for the py_type binary built | |
| using this script. | |
| """ |
| import IPython | |
| import threading | |
| import time | |
| import os | |
| def display_netron(path): | |
| os.system(f'netron {path}') | |
| thread = threading.Thread(target=display_netron, args=(output_path,)) | |
| thread.start() |
| TOOLKIT_CUDA_VERSION=cu114 pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/$TOOLKIT_CUDA_VERSION | |
| alias locate='find / -name $!' |