bitspark-agw@0.16.50

Agent Gateway CLI — set up and manage your project's connection to the Bitagent Gateway.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a documented Agent Gateway CLI that performs user-invoked gateway configuration and API calls.

Static reason: One or more suspicious static signals were detected.
Trigger: User runs agw commands such as target, init, login, status, doctor, key, or service-tokens.
Impact: User-selected project may be wired to Bitagent Gateway; no evidence of stealth persistence, credential exfiltration, or destructive behavior.
Mechanism: CLI-managed gateway targeting, credential minting, and Claude settings wiring
Rationale: Static inspection found sensitive primitives, but they are documented CLI behavior gated by explicit user commands and aligned with the package purpose. There are no lifecycle hooks, stealth import-time actions, broad secret harvesting, or unconsented AI-agent control-surface mutation.
Evidence: package.json, README.md, dist/main.js, ~/.agw/config.json, ~/.agw/auth-token, ~/.agw/sessions/*.agw.json, .claude/settings.local.json
Network endpoints (3): gateway.bitagent.dev, compat.bitagent.dev, registry.npmjs.org/-/package/bitspark-agw/dist-tags

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/main.js writes .claude/settings.local.json and .agw.json during explicit agw init/key commands
  • dist/main.js can open a browser and run git via execFileSync for root/gitignore checks
  • dist/main.js sends authenticated requests to configured gateway APIs
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks
  • package.json exposes only bin agw -> dist/main.js
  • README.md documents agw init wiring .claude/settings.local.json
  • dist/main.js defaults network to https://gateway.bitagent.dev and https://compat.bitagent.dev, aligned with Agent Gateway CLI purpose
  • Credential/session reads are from ~/.agw, CLI flags, and project wiring, not broad environment/file harvesting
  • AI-agent settings mutation is user-invoked and documented, not install-time or import-time
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense
scanned 1 file(s), 1.06 MB of source, external domains: compat.bitagent.dev, gateway.bitagent.dev, json-schema.org, registry.npmjs.org

Source & flagged code

2 flagged
dist/main.js
L22096: patternName = generic_password severity = medium line = 22096 matchedText = if (!fro...t) {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/main.js · L22096

L70: const here = dirname(fileURLToPath(import.meta.url));
L71: return JSON.parse(readFileSync(join(here, "..", "..", "package.json"), "utf-8")).version ?? "0.0.0";
L72: } catch {
...
L386: function defaultTarget(host, port) {
L387: return { adminUrl: `http://${host}:${port}`, compatUrl: `http://${host}:${port - 1}` };
L388: }
...
L457: ensureLegacyMigration();
L458: const hostOverride = strFlag(args.flags["host"]) ?? process.env["AGW_HOST"];
L459: const portOverride = strFlag(args.flags["port"]) ?? process.env["AGW_PORT"];
...
L470: flagTarget: strFlag(args.flags["target"]),
L471: cwd: process.cwd(),
L472: defaultHost: host,
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/main.js · L70

Findings

4 Medium, 5 Low
Medium · Secret Pattern · dist/main.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/main.js
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License