AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package exposes an ioBroker visualization dashboard with runtime HTTP/WebSocket proxying, calendar fetching, state/object management, and admin-triggered adapter actions.
Static reason
No blocking static signals were detected.
Trigger
ioBroker adapter runtime and frontend/admin user actions
Impact
Package-aligned local visualization and administration behavior; no evidence of stealth exfiltration or install-time mutation.
Mechanism
dashboard server, proxy, calendar fetcher, ioBroker state/object RPC
Rationale
Static source inspection shows an ioBroker visualization adapter with expected runtime network/proxy/admin capabilities and no install-time execution or concrete malicious chain. Potentially powerful actions are package-aligned and user/admin-invoked rather than stealthy or unconsented.
Evidence
package.jsonmain.jslib/webExtension.jsio-package.jsonwww/assets/index-lNcC-t2F.jswww/assets/echarts-Cv-_nZ52.js
Network endpoints6
github.com/hdering/ioBroker.aura.gitgithub.com/hdering/ioBroker.aura/issuesraw.githubusercontent.com/hdering/ioBroker.aura/main/admin/aura.pngapi.iconify.designapi.simplesvg.comapi.unisvg.com
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts; main is main.js.
- main.js network use is runtime ioBroker dashboard behavior: HTTP server, user-supplied calendar fetch/cache, and proxy routes.
- lib/webExtension.js registers /aura/proxy and /aura/proxyws for dashboard embedding; no hardcoded exfiltration endpoint.
- main.js onMessage cmdExec is limited to validated adapter upgrade command via ioBroker host and is user/admin-invoked.
- No child_process, broad filesystem harvesting, credential exfiltration, persistence, or AI-agent control-surface writes found.
- Bundled www assets are frontend libraries/app chunks; eval-like findings align with minified chart/Iconify code.
Behavioral surface
ChildProcessEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcewww/assets/echarts-Cv-_nZ52.jsView file
39`+g.message)}var n=new it;n.add(a),n.isGeoSVGGraphicRoot=!0;var i=e.width,o=e.height,s=e.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,f=void 0,v=void 0,h=void 0;if(i!=null?...
L40: `+i.message)}return o8(e,n),A(n,function(i){var o=i.name;l8(e,i),f8(e,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),n},r...
L41: `))}),t.join(`
Low
Eval
Package source references a known benign dynamic code generation pattern.
www/assets/echarts-Cv-_nZ52.jsView on unpkg · L39Findings
2 Medium7 Low
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalwww/assets/echarts-Cv-_nZ52.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings