AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Network, filesystem, helper-script creation, and ffmpeg execution are runtime features for Blink camera polling, snapshots, video download, MJPEG/HLS live view, and ioBroker integration.
Static reason
One or more suspicious static signals were detected.
Trigger
ioBroker adapter runtime after user configures Blink credentials and optional streaming/live-view features
Impact
Expected Blink account polling and local media/cache writes; no evidence of credential exfiltration, persistence outside adapter objects, destructive behavior, or install-time execution.
Mechanism
Blink API client and local camera media/stream helper
Rationale
Static inspection shows a Blink/ioBroker adapter with expected API calls, optional local streaming helpers, and no lifecycle execution or concrete exfiltration/persistence behavior. Scanner hits are explained by package-aligned network access, ffmpeg child processes, debug/cache writes, and a bundled ioBroker helper script template.
Evidence
package.jsonmain.jslib/blink-api.jslib/immi-live-hls.jslib/blink-liveview-iobroker.jslib/mjpeg-server.jslib/blink-video-url-server.json/tmp/blink_debug.log/tmp/blink_session_cache/<sha256>.json/tmp/blink_liveview_session.json/tmp/blink_liveview_iobroker_debug.log/tmp/blink_hlsconfigured snapshotDir/opt/iobroker/iobroker-data/blinkscript.js.common.blink-video-url-server
Network endpoints9
api.oauth.blink.comapi.oauth.blink.comrest-prod.immedia-semi.comconfigured Blink apiHost from sessionimmis:// liveview host from Blink sessionlocalhost:<port><host>:8085<host>:8089<host>:8099
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks; main is main.js.
- main.js runtime logs into Blink using configured email/password and calls bundled lib/blink-api.js, consistent with adapter purpose.
- lib/blink-api.js network hosts are Blink/OAuth endpoints: api.oauth.blink.com and rest-prod.immedia-semi.com.
- child_process use is runtime/live-view aligned: ffmpeg spawning in main.js/lib/immi-live-hls.js and optional helper script execution, not install-time payload execution.
- File writes are cache/media/debug outputs under configured snapshot dirs or /tmp, plus ioBroker state/object updates for adapter operation.
- lib/blink-video-url-server.json is a bundled ioBroker helper script template; no hardcoded secret found, only comments/config placeholders.
Behavioral surface
ChildProcessCryptoDynamicRequireFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcelib/blink-video-url-server.jsonView file
8patternName = generic_password
severity = medium
line = 8
matchedText = "source"...\n",
Medium
Secret Pattern
Package contains a possible secret pattern.
lib/blink-video-url-server.jsonView on unpkg · L8main.jsView file
1694async startHlsProxy(devId, live) {
L1695: const { spawn } = require('node:child_process');
L1696: await this.startHlsServer();
High
5L6: const utils = require('@iobroker/adapter-core');
L7: const fs = require('node:fs');
Medium
lib/immi-live-hls.js#virtual:normalized:round1View file
9const path = require('node:path');
L10: const tls = require('node:tls');
L11: const http = require('node:http');
L12: const { spawn, spawnSync } = require('node:child_process');
L13:
L14: const SESSION_JSON = process.argv[2] || process.env.IMMI_SESSION_JSON || '/tmp/blink_liveview_session.json';
L15: const SERIAL = process.env.IMMI_SERIAL || process.env.BLINK_DEVICE_SERIAL || 'G8T1940153360515';
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/immi-live-hls.js#virtual:normalized:round1View on unpkg · L9Findings
2 High3 Medium4 Low
HighChild Processmain.js
HighSame File Env Network Executionlib/immi-live-hls.js#virtual:normalized:round1
MediumSecret Patternlib/blink-video-url-server.json
MediumDynamic Requiremain.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings