registry  /  bitspark-agw  /  0.16.46

bitspark-agw@0.16.46

Agent Gateway CLI — set up and manage your project's connection to the Bitagent Gateway.

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a developer CLI for configuring Bitagent Gateway access, with network, token, and .claude settings writes tied to explicit CLI actions.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the agw CLI commands such as login, target, init, status, or doctor.
Impact
Can store gateway sessions/tokens and wire a project to a configured gateway endpoint when explicitly commanded; no install-time or hidden exfiltration found.
Mechanism
User-invoked gateway CLI configuration and API client
Rationale
Static source inspection found sensitive primitives, but they are consistent with an explicit gateway-management CLI and are not activated by npm lifecycle hooks or hidden import-time behavior. The .claude/settings.local.json mutation is performed by user-invoked setup commands to set ANTHROPIC_BASE_URL and a gateway credential, not by unconsented install-time execution.
Evidence
package.jsondist/main.js~/.agw/config.json~/.agw/auth-token~/.agw/sessions/<hash>~/.agw/capabilities/<hash>.json~/.claude-gateway/config.json.agw.json.claude/settings.local.json
Network endpoints3
gateway.bitagent.devcompat.bitagent.devregistry.npmjs.org/-/package/bitspark-agw/dist-tags

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has bin only and no install/preinstall/postinstall lifecycle hooks.
    • dist/main.js default execution is a CLI dispatcher; help/version paths exit without setup mutation.
    • dist/main.js reads AGW_* env vars and ~/.agw auth/session files to configure user-requested gateway calls.
    • dist/main.js network calls target configured gateway URLs plus built-in https://gateway.bitagent.dev, https://compat.bitagent.dev, and an npm latest-version check.
    • dist/main.js writes ~/.agw config/cache/session files and project .agw.json/.claude/settings.local.json only through CLI commands such as target/login/init.
    • dist/main.js child_process use is package-aligned: git root discovery and opening browser for login.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 1 file(s), 1.06 MB of source, external domains: compat.bitagent.dev, gateway.bitagent.dev, json-schema.org, registry.npmjs.org

    Source & flagged code

    2 flagged · loading source
    dist/main.jsView file
    22057patternName = generic_password severity = medium line = 22057 matchedText = if (!fro...t) {
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/main.jsView on unpkg · L22057
    70const here = dirname(fileURLToPath(import.meta.url)); L71: return JSON.parse(readFileSync(join(here, "..", "..", "package.json"), "utf-8")).version ?? "0.0.0"; L72: } catch { ... L386: function defaultTarget(host, port) { L387: return { adminUrl: `http://${host}:${port}`, compatUrl: `http://${host}:${port - 1}` }; L388: } ... L457: ensureLegacyMigration(); L458: const hostOverride = strFlag(args.flags["host"]) ?? process.env["AGW_HOST"]; L459: const portOverride = strFlag(args.flags["port"]) ?? process.env["AGW_PORT"]; ... L470: flagTarget: strFlag(args.flags["target"]), L471: cwd: process.cwd(), L472: defaultHost: host,
    Medium
    Install Persistence

    Source writes installer persistence such as shell profile or service configuration.

    dist/main.jsView on unpkg · L70

    Findings

    4 Medium5 Low
    MediumSecret Patterndist/main.js
    MediumNetwork
    MediumEnvironment Vars
    MediumInstall Persistencedist/main.js
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License