AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The adapter starts a configured dashboard server, fetches user-requested calendar URLs, and proxies configured HTTP/WebSocket targets.
Static reason
No blocking static signals were detected.
Trigger
Adapter runtime plus dashboard, calendar, or proxy use.
Impact
No credential harvesting, remote payload execution, destructive action, or stealth persistence established.
Mechanism
Package-aligned HTTP/WebSocket proxy, calendar retrieval, and whitelisted file browsing.
Rationale
Direct source inspection found normal ioBroker dashboard functionality, not a concrete malicious chain. The scanner's dynamic-code hint is attributable to bundled frontend vendor code and not package attack behavior.
Evidence
package.jsonmain.jslib/webExtension.jsio-package.jsonwww/assets/echarts-Cv-_nZ52.js
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks.
- main.js only executes as the adapter entrypoint.
- main.js calendar fetch uses a state-supplied URL and caches its response.
- main.js filesystem routes enforce configured root paths and block escaping symlinks.
- lib/webExtension.js proxy routes are explicit dashboard features.
- No source-level child-process, shell, eval, or AI-agent control writes found.
Behavioral surface
ChildProcessEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Source & flagged code
1 flagged · loading sourcewww/assets/echarts-Cv-_nZ52.jsView file
39`+g.message)}var n=new it;n.add(a),n.isGeoSVGGraphicRoot=!0;var i=e.width,o=e.height,s=e.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,f=void 0,v=void 0,h=void 0;if(i!=null?...
L40: `+i.message)}return o8(e,n),A(n,function(i){var o=i.name;l8(e,i),f8(e,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),n},r...
L41: `))}),t.join(`
Low
Eval
Package source references a known benign dynamic code generation pattern.
www/assets/echarts-Cv-_nZ52.jsView on unpkg · L39Findings
2 Medium7 Low
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalwww/assets/echarts-Cv-_nZ52.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings