registry  /  bitspark-agw  /  0.16.53

bitspark-agw@0.16.53

Agent Gateway CLI — set up and manage your project's connection to the Bitagent Gateway.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked Agent Gateway CLI that stores local gateway config and credentials and talks to Bitagent gateway APIs.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the agw CLI commands such as init, login, target, doctor, runs, or service-tokens.
Impact
Local gateway wiring and credential files may be created or updated as documented; no unconsented install-time or import-time behavior found.
Mechanism
User-directed CLI network/configuration operations
Rationale
Static inspection shows suspicious primitives are aligned with an interactive gateway-management CLI: no lifecycle hooks, no install-time execution, and .claude settings writes occur only through explicit user commands. The AI-agent control-surface mutation is consented project wiring, not hidden persistence or hijacking.
Evidence
package.jsondist/main.js~/.agw/config.json~/.agw/auth-token~/.agw/sessions/<hash>~/.agw/caps/<hash>.json~/.claude-gateway/config.json.agw.json.claude/settings.local.json
Network endpoints3
gateway.bitagent.devcompat.bitagent.devregistry.npmjs.org/-/package/bitspark-agw/dist-tags

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/main.js writes .claude/settings.local.json with ANTHROPIC_BASE_URL and x-gateway-credential, but only in explicit agw init/key rotate flows.
  • dist/main.js reads ~/.agw/auth-token, sessions, caps and .claude/settings.local.json for CLI auth/config state.
  • dist/main.js uses child_process execFileSync for git root/check-ignore and spawn only to open a browser for login.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts; bin is agw -> dist/main.js.
  • Default network endpoints are package-aligned: https://gateway.bitagent.dev, https://compat.bitagent.dev, and npm dist-tags check in doctor.
  • Network calls go through configured gateway API paths for auth, projects, runs, service tokens, capabilities, and are user-command driven.
  • Legacy ~/.claude-gateway migration copies local target config into ~/.agw only on CLI execution, not install/import.
  • No evidence of credential harvesting or exfiltration beyond user-configured gateway authentication and project credential management.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 1.06 MB of source, external domains: compat.bitagent.dev, gateway.bitagent.dev, json-schema.org, registry.npmjs.org

Source & flagged code

2 flagged · loading source
dist/main.jsView file
22106patternName = generic_password severity = medium line = 22106 matchedText = if (!fro...t) {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/main.jsView on unpkg · L22106
70const here = dirname(fileURLToPath(import.meta.url)); L71: return JSON.parse(readFileSync(join(here, "..", "..", "package.json"), "utf-8")).version ?? "0.0.0"; L72: } catch { ... L386: function defaultTarget(host, port) { L387: return { adminUrl: `http://${host}:${port}`, compatUrl: `http://${host}:${port - 1}` }; L388: } ... L457: ensureLegacyMigration(); L458: const hostOverride = strFlag(args.flags["host"]) ?? process.env["AGW_HOST"]; L459: const portOverride = strFlag(args.flags["port"]) ?? process.env["AGW_PORT"]; ... L470: flagTarget: strFlag(args.flags["target"]), L471: cwd: process.cwd(), L472: defaultHost: host,
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/main.jsView on unpkg · L70

Findings

4 Medium5 Low
MediumSecret Patterndist/main.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/main.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License