registry  /  iobroker.aura  /  0.18.0

iobroker.aura@0.18.0

Modern visualization dashboard for ioBroker

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Runtime network and filesystem primitives are aligned with an ioBroker visualization dashboard, proxy, calendar relay, and static asset server.

Static reason
No blocking static signals were detected.
Trigger
ioBroker adapter runtime after user configuration or dashboard requests
Impact
Expected dashboard functionality; no evidence of exfiltration, install-time mutation, or arbitrary code execution
Mechanism
local HTTP/WebSocket proxy, calendar URL fetch, static file serving
Rationale
Static inspection shows an ioBroker dashboard adapter with expected runtime proxy/calendar features and no lifecycle hooks or malicious code paths. The suspicious network and script-rewrite snippets are package-aligned browser proxy behavior, not evidence of malware.
Evidence
package.jsonmain.jsio-package.json/opt/iobroker/iobroker-data/files
Network endpoints3
github.com/hdering/ioBroker.aura/issueshdering.github.io/ioBroker.aura/raw.githubusercontent.com/hdering/ioBroker.aura/main/admin/aura.png

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks; main is main.js.
    • main.js network code implements user/runtime dashboard proxy and calendar fetch relay, using requested URLs from adapter state or /proxy parameters.
    • main.js filesystem usage is static web serving and configured file-browser roots; writes are disabled by default in io-package.json fsAllowWrite=false.
    • No child_process, eval/Function, dynamic require/import, credential harvesting, persistence, or AI-agent control writes found by source search.
    • io-package.json identifies a daemon ioBroker visualization adapter with local dashboard links and expected calendar/proxy states.
    Behavioral surface
    Source
    ChildProcessEvalFilesystemNetwork
    Supply chain
    HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 40 file(s), 4.05 MB of source, external domains: 192.168.1.x, api.iconify.design, api.simplesvg.com, api.unisvg.com, bit.ly, calendar.google.com, cdn.jsdelivr.net, fb.me, fonts.googleapis.com, github.com, hdering.github.io, leafletjs.com, photon.komoot.io, reactjs.org, redux-toolkit.js.org, redux.js.org, server.arcgisonline.com, smarthjemmet.dk, www.w3.org

    Source & flagged code

    1 flagged · loading source
    www/assets/echarts-Cv-_nZ52.jsView file
    39`+g.message)}var n=new it;n.add(a),n.isGeoSVGGraphicRoot=!0;var i=e.width,o=e.height,s=e.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,f=void 0,v=void 0,h=void 0;if(i!=null?... L40: `+i.message)}return o8(e,n),A(n,function(i){var o=i.name;l8(e,i),f8(e,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),n},r... L41: `))}),t.join(`
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    www/assets/echarts-Cv-_nZ52.jsView on unpkg · L39

    Findings

    2 Medium7 Low
    MediumNetwork
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowEvalwww/assets/echarts-Cv-_nZ52.js
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings