@oxgeneral/orch@1.0.27

⚠ Under review

AI agent runtime — orchestrate Claude, Cursor, Codex & OpenCode as one team. Multi-agent task automation with state machine, auto-retry, inter-agent messaging, goals and teams. Zero-config CLI + programmatic API.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot

Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Shell
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 96 file(s), 644 KB of source, external domains: github.com

Source & flagged code

6 flagged

package.json
scripts.postinstall = node scripts/postinstall.cjs || true
High · Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

Location: package.json

package.json
scripts.postinstall = node scripts/postinstall.cjs || true
Medium · Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

Location: package.json
dist/chunk-6DWHQPTE.js
L9:  }
L10: require(kind) {
L11:   const adapter = this.adapters.get(kind);
Medium · Dynamic Require

Package source references dynamic require/import behavior.

Location: dist/chunk-6DWHQPTE.js · L9
scripts/postinstall.cjs
Install-time AI-agent control hijack evidence:
L7:
L8:  const { readFileSync, writeFileSync, existsSync, mkdirSync } = require('node:fs');
L9:  const { join } = require('node:path');
...
L22: s = s.replace('cache[cacheKey] = wrappedText;', `cache[cacheKey] = wrappedText;\n _lruKeys.push(cacheKey);\n if (_lruKeys.length > _MAX) { delete cache[_lruKeys.shift()]; }`)...
L23: writeFileSync(wrapPath, s);
L24: }
...
L32: s = s.replace('cache.set(text, dimensions);', `cache.set(text, dimensions);\n if (cache.size > _MAX_MT) { const first = cache.keys().next().value; cache.delete(first); }`);
L33: writeFileSync(measurePath, s);
L34: }
...
L46: s = s.replace('this.blockWidths.set(text, cached);', `this.blockWidths.set(text, cached);${lru('blockWidths')}`);
L47: writeFileSync(outputPath, s);
L48: }
Payload evidence from skills/orch/SKILL.md:
L1: ---
L2: name: orch
Critical · Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

Location: scripts/postinstall.cjs · L1
Manifest entrypoint (scripts.postinstall) carries capability families absent from dist/build output: environment+network
L13: try {
L14:   const inkBuild = join(__dirname, '..', 'node_modules', 'ink', 'build');
L15:   const MAX = 2000;
...
L69: // Skip banner in CI or non-interactive environments
L70: if (process.env.CI || !process.stderr.isTTY) process.exit(0);
L71:
...
L76:
L77: process.stderr.write(`
L78: ${green('✓')} ${bold('orchestry')} installed
...
L82: ${sk[redacted] ? ` ${dim('or use')} ${bold('/orch')} ${dim('in Claude Code')}\n` : ''}
L83: ${dim('⭐ Like it? Star us on GitHub: https://github.com/oxgeneral/ORCH')}
L84:
High · Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

Location: scripts/postinstall.cjs · L13
scripts/release.sh
path = scripts/release.sh
kind = build_helper
sizeBytes = 929
magicHex = [redacted]
Medium · Ships Build Helper

Package ships non-JavaScript build or shell helper files.

Location: scripts/release.sh

Findings

1 Critical · 2 High · 5 Medium · 5 Low

Critical · Ai Agent Control Hijack · scripts/postinstall.cjs
High · Install Time Lifecycle Scripts · package.json
High · Entrypoint Build Divergence · scripts/postinstall.cjs
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Dynamic Require · dist/chunk-6DWHQPTE.js
Medium · Environment Vars
Medium · Ships Build Helper · scripts/release.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings