AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Runtime network and filesystem primitives are aligned with an ioBroker visualization dashboard, proxy, calendar relay, and static asset server.
Static reason
No blocking static signals were detected.
Trigger
ioBroker adapter runtime after user configuration or dashboard requests
Impact
Expected dashboard functionality; no evidence of exfiltration, install-time mutation, or arbitrary code execution
Mechanism
local HTTP/WebSocket proxy, calendar URL fetch, static file serving
Rationale
Static inspection shows an ioBroker dashboard adapter with expected runtime proxy/calendar features and no lifecycle hooks or malicious code paths. The suspicious network and script-rewrite snippets are package-aligned browser proxy behavior, not evidence of malware.
Evidence
package.jsonmain.jsio-package.json/opt/iobroker/iobroker-data/files
Network endpoints3
github.com/hdering/ioBroker.aura/issueshdering.github.io/ioBroker.aura/raw.githubusercontent.com/hdering/ioBroker.aura/main/admin/aura.png
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks; main is main.js.
- main.js network code implements user/runtime dashboard proxy and calendar fetch relay, using requested URLs from adapter state or /proxy parameters.
- main.js filesystem usage is static web serving and configured file-browser roots; writes are disabled by default in io-package.json fsAllowWrite=false.
- No child_process, eval/Function, dynamic require/import, credential harvesting, persistence, or AI-agent control writes found by source search.
- io-package.json identifies a daemon ioBroker visualization adapter with local dashboard links and expected calendar/proxy states.
Behavioral surface
ChildProcessEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcewww/assets/echarts-Cv-_nZ52.jsView file
39`+g.message)}var n=new it;n.add(a),n.isGeoSVGGraphicRoot=!0;var i=e.width,o=e.height,s=e.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,f=void 0,v=void 0,h=void 0;if(i!=null?...
L40: `+i.message)}return o8(e,n),A(n,function(i){var o=i.name;l8(e,i),f8(e,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),n},r...
L41: `))}),t.join(`
Low
Eval
Package source references a known benign dynamic code generation pattern.
www/assets/echarts-Cv-_nZ52.jsView on unpkg · L39Findings
2 Medium7 Low
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalwww/assets/echarts-Cv-_nZ52.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings