@orcha-ai/runtime-bridge@0.1.2

Local Orcha runtime bridge for ACP-compatible agent runtimes.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs orcha-runtime-bridge, orcha-runtime-bridge start, or npm start.
Impact
Configured Orcha endpoint can request prompts, dispatch tasks, receive runtime output/artifacts, and cancel sessions through the bridge.
Mechanism
configured WebSocket bridge spawning configured agent CLI/ACP targets
Policy narrative
When explicitly run, the package loads ORCHA_RUNTIME_* configuration, connects to the configured Orcha WebSocket, authenticates with a node token, and processes remote runtime requests by creating agents, prompting configured local runtimes, and forwarding updates. It can spawn configured commands such as codex/openclaw/claude and collect matching Codex transcript artifacts. This is a dangerous remote-control capability but matches the package's documented runtime-bridge purpose and is not delivered through npm lifecycle execution.
Rationale
The source shows a documented, user-invoked runtime bridge with remote agent execution capability, not covert malware or unconsented install-time agent control-surface mutation. Because it exposes powerful AI-agent control to a configured remote service, downgrade to warn rather than mark clean.
Evidence
  • package.json
  • bin/orcha-runtime-bridge.js
  • README.md
  • .env.example
  • .env
  • .orcha-runtime-bridge.pid
  • .orcha-runtime-bridge.log
  • $CODEX_HOME/sessions/**/*.jsonl
Network endpoints (2)
  • ORCHA_RUNTIME_ORCHA_URL -> /api/agent-runtime-bridge/ws
  • orcha.example.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/orcha-runtime-bridge.js opens a WebSocket to configured ORCHA_RUNTIME_ORCHA_URL and accepts remote Orcha RPC methods.
  • bin/orcha-runtime-bridge.js can spawn configured local runtimes via child_process for stdio-acp/openclaw/cli targets.
  • bin/orcha-runtime-bridge.js can read Codex session JSONL files under CODEX_HOME/.codex sessions to collect matching artifacts.
  • bin/orcha-runtime-bridge.js start mode creates a detached background process with pid/log files.
Evidence against
  • package.json has no npm lifecycle hooks; execution is via bin/start script only.
  • README.md and .env.example document the bridge, Orcha WebSocket, target commands, pid/log files, and env configuration.
  • Network destination and runtime commands are user-configured, not hardcoded covert endpoints or payload URLs.
  • No code writes foreign AI-agent config files, MCP configs, shell startup files, or VCS hooks.
  • No credential harvesting beyond reading its own ORCHA_RUNTIME_* config/env values was found.
Behavioral surface
  • Source: EnvironmentVars
  • Supply chain: Minified
  • Manifest: NoLicense
scanned 1 file(s), 40.1 KB of source

Source & flagged code

2 flagged
bin/orcha-runtime-bridge.js
1#!/usr/bin/env node L2: import{spawn as Ye}from"node:child_process";import{closeSync as Qe,existsSync as Ze,mkdirSync as tr,openSync as er,readFileSync as rr,rmSync as nr,writeFileSync as sr}from"node:fs"... L3: `):""}var D=class{constructor(t){this.agent=t,this.sessionCounter=0}async sessionNew(){return this.sessionCounter+=1,{sessionId:`echo-${this.agent.agentId}-${this.sessionCounter}`}... L4: \r ... L12: `}}})}}}async sessionCancel(t){let e=c(t.sessionId),n=this.active.get(e);return n?(h("info","runtime.cli","cancelling runtime child",{target:this.agent.targetCode,sessionId:e,pid:n... L13: `)}];return this.prompt({...t,agentId:n,sessionId:a,prompt:d},e)}async requestPermission({agent:t,runtimeSessionId:e,request:n,emitUpdate:s}){let i=j(),o=this.runtimeSessionIndex.g... L14: `).replaceAll("\\r","\r").replaceAll("\\t"," ").replaceAll('\\"','"').replaceAll("\\\\","\\")}function Ve(r){let t=!1,e=!1;for(let n=0;n<r.length;n+=1){let s=r[n],i=r[n-1];if(s==="...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/orcha-runtime-bridge.js · L1
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/orcha-runtime-bridge.js · L1

Findings

2 High · 1 Medium · 2 Low
  • High · Same File Env Network Execution · bin/orcha-runtime-bridge.js
  • High · Command Output Exfiltration · bin/orcha-runtime-bridge.js
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · No License