
@orcha-ai/runtime-bridge@0.1.0

Local Orcha runtime bridge for ACP-compatible agent runtimes.

AI Security Review

scanned 22h ago · by lpm-firewall-ai

User-invoked runtime bridge that connects to the configured Orcha service and launches the configured local agent runtimes. The risk is the inherent remote-orchestration capability, but it is aligned with the package's stated purpose and is not installed or activated silently.

Static reason: One or more suspicious static signals were detected.
Trigger: user runs orcha-runtime-bridge run/start with environment configuration
Impact: Remote Orcha requests can prompt configured local agent runtimes after the user runs and configures the bridge.
Mechanism: configured WebSocket runtime bridge and child-process adapter
Rationale: The suspicious primitives are consistent with a documented local runtime bridge: user-configured networking, child-process adapters, and optional background pid/log management. There is no lifecycle execution, unconsented agent-control mutation, credential harvesting, or hardcoded exfiltration behavior.
Evidence
  • package.json
  • bin/orcha-runtime-bridge.js
  • README.md
  • .env.example
  • .env
  • ORCHA_RUNTIME_ENV_FILE
  • ORCHA_RUNTIME_PID_FILE or .orcha-runtime-bridge.pid
  • ORCHA_RUNTIME_LOG_FILE or .orcha-runtime-bridge.log
  • /tmp/orcha-runtime-last-message-<uuid>.txt
  • configured target command
Network endpoints (3)
  • ORCHA_RUNTIME_ORCHA_URL + /api/agent-runtime-bridge/ws
  • orcha.example.com
  • orcha.tansuo.cloud

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/orcha-runtime-bridge.js spawns configured runtime commands and relays stdout/stderr as session updates.
  • Runtime node mode opens a WebSocket to ORCHA_RUNTIME_ORCHA_URL and accepts Orcha RPC requests.
  • User-invoked start command can detach a background bridge and write pid/log files in cwd or configured paths.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • No code writes Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces.
  • Command execution is driven by ORCHA_RUNTIME_TARGETS_JSON or documented openclaw/codex examples, not install/import time.
  • Network endpoint is configured Orcha bridge path; no hardcoded exfiltration host or credential harvesting found.
  • Env loading reads .env/ORCHA_RUNTIME_ENV_FILE for package configuration and does not enumerate unrelated secrets.
Behavioral surface
  • Source: EnvironmentVars
  • Supply chain: Minified
  • Manifest: NoLicense
scanned 1 file(s), 32.6 KB of source

Source & flagged code

2 flagged
bin/orcha-runtime-bridge.js
L1: #!/usr/bin/env node L2: import{spawn as re}from"node:child_process";import{closeSync as ie,existsSync as oe,mkdirSync as ae,openSync as ce,readFileSync as de,rmSync as ue,writeFileSync as le}from"node:fs"... L3: `):""}var C=class{constructor(t){this.agent=t,this.sessionCounter=0}async sessionNew(){return this.sessionCounter+=1,{sessionId:`echo-${this.agent.agentId}-${this.sessionCounter}`}... L4: \r ... L10: `}}})}}}async sessionCancel(t){let e=o(t.sessionId),n=this.active.get(e);return n?(h("info","runtime.cli","cancelling runtime child",{target:this.agent.targetCode,sessionId:e,pid:n... L11: `)}];return this.prompt({...t,agentId:n,sessionId:a,prompt:u},e)}async requestPermission({agent:t,runtimeSessionId:e,request:n,emitUpdate:r}){let i=$(),c=this.runtimeSessionIndex.g... L12: `).replaceAll("\\r","\r").replaceAll("\\t"," ").replaceAll('\\"','"').replaceAll("\\\\","\\")}function se(s){let t=!1,e=!1;for(let n=0;n<s.length;n+=1){let r=s[n],i=s[n-1];if(r==="...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/orcha-runtime-bridge.js · L1
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/orcha-runtime-bridge.js · L1

Findings

2 High · 1 Medium · 2 Low
  • High · Same File Env Network Execution · bin/orcha-runtime-bridge.js
  • High · Command Output Exfiltration · bin/orcha-runtime-bridge.js
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · No License