AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime proxy, calendar fetch, filesystem browsing, and adapter-management RPCs are package-aligned ioBroker dashboard features rather than install-time or hidden behavior.
Static reason
No blocking static signals were detected.
Trigger
ioBroker adapter runtime after user configuration or frontend RPC
Impact
No confirmed credential theft, destructive action, persistence, unauthorized install-time mutation, or exfiltration.
Mechanism
dashboard server with proxy, calendar fetch, read-only file browser, timers, and ioBroker object/state updates
Rationale
Direct inspection found no install-time execution or hidden malicious chain; the suspicious primitives are runtime ioBroker adapter capabilities exposed for configured dashboard functionality. The explicit upgrade/restart commands are user-invoked and constrained by simple identifiers, so they do not establish package malware by themselves.
Evidence
package.jsonmain.jslib/webExtension.jsio-package.json
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
- main.js exposes runtime HTTP/WebSocket proxy for user-supplied URLs.
- main.js onMessage has user-command adapter management actions including restart/upgrade via ioBroker host cmdExec.
- main.js exposes read-only filesystem browse/read routes constrained to configured fsRoots.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks and main is main.js.
- Network code is tied to ioBroker dashboard features: calendar.request fetch, configured proxy, and local socket backend forwarding.
- No credential/env harvesting, external exfiltration endpoint, child_process use, eval/vm/Function, native binary loading, or persistence found in reviewed source.
- Filesystem routes validate paths against configured fsRoots; io-package.json defaults fsAllowWrite to false and inspected routes only list/read.
- Admin/runtime object mutations are ioBroker adapter state/object management, client/timer/list cleanup, and explicit frontend RPCs.
Behavioral surface
ChildProcessEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcewww/assets/echarts-Cv-_nZ52.jsView file
39`+g.message)}var n=new it;n.add(a),n.isGeoSVGGraphicRoot=!0;var i=e.width,o=e.height,s=e.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,f=void 0,v=void 0,h=void 0;if(i!=null?...
L40: `+i.message)}return o8(e,n),A(n,function(i){var o=i.name;l8(e,i),f8(e,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),n},r...
L41: `))}),t.join(`
Low
Eval
Package source references a known benign dynamic code generation pattern.
www/assets/echarts-Cv-_nZ52.jsView on unpkg · L39Findings
2 Medium7 Low
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalwww/assets/echarts-Cv-_nZ52.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings