With no authentication it's a "gates down" scenario and it's assumed that if you put your server on the open internet you intend people to connect to it.

With authentication it's "gates up" and then "without authorization" from CFAA kicks in. I think it's unlikely that a user agent string creates a "gates up" situation, especially not if it's from code granted under a permissive license.