registry  /  bitspark-agw  /  0.16.54

bitspark-agw@0.16.54

Agent Gateway CLI — set up and manage your project's connection to the Bitagent Gateway.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The sensitive behavior is an explicitly invoked Agent Gateway CLI that wires Claude project settings and stores gateway config/secrets for its own service.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `agw` commands such as `agw init`, `agw login`, `agw target`, or `agw doctor`.
Impact
Project Claude traffic can be routed through the configured Bitagent gateway after explicit CLI setup; no install-time or covert mutation found.
Mechanism
user-invoked gateway configuration and API client
Rationale
The scanner's agent-control and persistence signals are explained by documented, user-invoked gateway setup, not npm lifecycle delivery or hidden control-surface hijacking. Source inspection found no exfiltration, destructive behavior, remote payload loading, or unconsented install/import-time execution.
Evidence
package.jsonREADME.mddist/main.js.claude/settings.local.json.agw.json~/.agw/config.json~/.agw/auth-token~/.agw/sessions/*~/.claude-gateway/config.json
Network endpoints3
gateway.bitagent.devcompat.bitagent.devregistry.npmjs.org/-/package/bitspark-agw/dist-tags

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/main.js user-invoked `agw init` writes `.claude/settings.local.json` with `ANTHROPIC_BASE_URL` and `x-gateway-credential`.
  • dist/main.js stores targets/sessions under `~/.agw/` and migrates legacy `~/.claude-gateway` config on CLI run.
  • dist/main.js can open a browser for login and runs `git` only for root/gitignore checks.
Evidence against
  • package.json has no npm lifecycle hooks; only bin `agw` points to `dist/main.js`.
  • README.md documents `agw init` writing `.claude/settings.local.json`; this is the package's stated gateway setup behavior.
  • No install-time execution, no hidden persistence, no destructive file operations, and no broad credential harvesting found.
  • Network calls are to configured gateway APIs plus package-aligned defaults and npm dist-tags version check.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 1.06 MB of source, external domains: compat.bitagent.dev, gateway.bitagent.dev, json-schema.org, registry.npmjs.org

Source & flagged code

2 flagged · loading source
dist/main.jsView file
22124patternName = generic_password severity = medium line = 22124 matchedText = if (!fro...t) {
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/main.jsView on unpkg · L22124
70const here = dirname(fileURLToPath(import.meta.url)); L71: return JSON.parse(readFileSync(join(here, "..", "..", "package.json"), "utf-8")).version ?? "0.0.0"; L72: } catch { ... L386: function defaultTarget(host, port) { L387: return { adminUrl: `http://${host}:${port}`, compatUrl: `http://${host}:${port - 1}` }; L388: } ... L457: ensureLegacyMigration(); L458: const hostOverride = strFlag(args.flags["host"]) ?? process.env["AGW_HOST"]; L459: const portOverride = strFlag(args.flags["port"]) ?? process.env["AGW_PORT"]; ... L470: flagTarget: strFlag(args.flags["target"]), L471: cwd: process.cwd(), L472: defaultHost: host,
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/main.jsView on unpkg · L70

Findings

4 Medium5 Low
MediumSecret Patterndist/main.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/main.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License