registry  /  iobroker.anthbot  /  0.1.0

iobroker.anthbot@0.1.0

Connect with Anthbot devices such as their robot mowers

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 126 KB of source

Source & flagged code

5 flagged · loading source
lib/anthbotApi.jsView file
21patternName = aws_access_key severity = critical line = 21 matchedText = const AW...45';
Critical
Critical Secret

Package contains a critical-looking secret pattern.

lib/anthbotApi.jsView on unpkg · L21
21patternName = aws_access_key severity = critical line = 21 matchedText = const AW...45';
Critical
Secret Pattern

AWS access key ID in lib/anthbotApi.js

lib/anthbotApi.jsView on unpkg · L21
24patternName = aws_access_key severity = critical line = 24 matchedText = const AW...5V';
Critical
Secret Pattern

AWS access key ID in lib/anthbotApi.js

lib/anthbotApi.jsView on unpkg · L24
27patternName = aws_access_key severity = critical line = 27 matchedText = const AW...74';
Critical
Secret Pattern

AWS access key ID in lib/anthbotApi.js

lib/anthbotApi.jsView on unpkg · L27
3* NodeJS port of the Python api.py module by @vincentjanv... L4: * https://github.com/vincentjanv/anthbot_genie_ha L5: * ... with a few addions/changes of course ;) ... L12: const tarStream = require('tar-stream'); L13: const { URLSearchParams } = require('node:url'); L14: ... L113: if (contentType.includes('application/json') || contentType.startsWith('text/')) { L114: const responseBody = await responseClone.text(); L115: if (responseBody) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/anthbotApi.jsView on unpkg · L3

Findings

4 Critical1 Medium3 Low
CriticalCritical Secretlib/anthbotApi.js
CriticalSecret Patternlib/anthbotApi.js
CriticalSecret Patternlib/anthbotApi.js
CriticalSecret Patternlib/anthbotApi.js
MediumNetwork
LowScripts Present
LowWeak Cryptolib/anthbotApi.js
LowHigh Entropy Strings