AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network and filesystem primitives are user/admin-invoked dashboard features for ioBroker visualization, proxying, calendar fetch, and whitelisted file browsing.
Static reason
No blocking static signals were detected.
Trigger
ioBroker adapter runtime and frontend/admin user actions
Impact
No evidence of unconsented install-time execution, exfiltration, persistence, or destructive behavior.
Mechanism
dashboard web server with proxy, calendar fetch, state/object management, timers, and UI bundles
Rationale
Static source inspection shows a legitimate ioBroker visualization adapter with runtime proxy/calendar/timer/admin controls, and the sensitive primitives are package-aligned and user- or config-driven. There are no lifecycle hooks, fixed exfiltration hosts, credential collection, destructive actions, or hidden payload execution.
Evidence
package.jsonio-package.jsonmain.jslib/webExtension.jsREADME.mdwww/assets/echarts-Cv-_nZ52.js
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- main.js exposes user-driven HTTP/WS proxy and calendar URL fetch features
- main.js onMessage can ask ioBroker host to run adapter upgrade, but adapter name is constrained
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks
- main.js network activity is runtime dashboard/calendar/proxy behavior aligned with ioBroker visualization adapter
- main.js filesystem endpoints are read/list only and constrained to configured fsRoots
- No credential harvesting or fixed exfiltration endpoint found
- No child_process, eval, native binary, or AI-agent control-surface mutation found
- www/assets/echarts-Cv-_nZ52.js is bundled ECharts frontend code, not a staged payload
Behavioral surface
ChildProcessEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcewww/assets/echarts-Cv-_nZ52.jsView file
39`+g.message)}var n=new it;n.add(a),n.isGeoSVGGraphicRoot=!0;var i=e.width,o=e.height,s=e.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,f=void 0,v=void 0,h=void 0;if(i!=null?...
L40: `+i.message)}return o8(e,n),A(n,function(i){var o=i.name;l8(e,i),f8(e,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),n},r...
L41: `))}),t.join(`
Low
Eval
Package source references a known benign dynamic code generation pattern.
www/assets/echarts-Cv-_nZ52.jsView on unpkg · L39Findings
2 Medium7 Low
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalwww/assets/echarts-Cv-_nZ52.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings