registry  /  iobroker.blink  /  0.0.25

iobroker.blink@0.0.25

adapter for amazon blink system and ioBroker

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Network, filesystem, helper-script creation, and ffmpeg execution are runtime features for Blink camera polling, snapshots, video download, MJPEG/HLS live view, and ioBroker integration.

Static reason
One or more suspicious static signals were detected.
Trigger
ioBroker adapter runtime after user configures Blink credentials and optional streaming/live-view features
Impact
Expected Blink account polling and local media/cache writes; no evidence of credential exfiltration, persistence outside adapter objects, destructive behavior, or install-time execution.
Mechanism
Blink API client and local camera media/stream helper
Rationale
Static inspection shows a Blink/ioBroker adapter with expected API calls, optional local streaming helpers, and no lifecycle execution or concrete exfiltration/persistence behavior. Scanner hits are explained by package-aligned network access, ffmpeg child processes, debug/cache writes, and a bundled ioBroker helper script template.
Evidence
package.jsonmain.jslib/blink-api.jslib/immi-live-hls.jslib/blink-liveview-iobroker.jslib/mjpeg-server.jslib/blink-video-url-server.json/tmp/blink_debug.log/tmp/blink_session_cache/<sha256>.json/tmp/blink_liveview_session.json/tmp/blink_liveview_iobroker_debug.log/tmp/blink_hlsconfigured snapshotDir/opt/iobroker/iobroker-data/blinkscript.js.common.blink-video-url-server
Network endpoints9
api.oauth.blink.comapi.oauth.blink.comrest-prod.immedia-semi.comconfigured Blink apiHost from sessionimmis:// liveview host from Blink sessionlocalhost:<port><host>:8085<host>:8089<host>:8099

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks; main is main.js.
    • main.js runtime logs into Blink using configured email/password and calls bundled lib/blink-api.js, consistent with adapter purpose.
    • lib/blink-api.js network hosts are Blink/OAuth endpoints: api.oauth.blink.com and rest-prod.immedia-semi.com.
    • child_process use is runtime/live-view aligned: ffmpeg spawning in main.js/lib/immi-live-hls.js and optional helper script execution, not install-time payload execution.
    • File writes are cache/media/debug outputs under configured snapshot dirs or /tmp, plus ioBroker state/object updates for adapter operation.
    • lib/blink-video-url-server.json is a bundled ioBroker helper script template; no hardcoded secret found, only comments/config placeholders.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireFilesystemNetwork
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 5 file(s), 232 KB of source, external domains: 127.0.0.1, api.oauth.blink.com

    Source & flagged code

    4 flagged · loading source
    lib/blink-video-url-server.jsonView file
    8patternName = generic_password severity = medium line = 8 matchedText = "source"...\n",
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    lib/blink-video-url-server.jsonView on unpkg · L8
    main.jsView file
    1694async startHlsProxy(devId, live) { L1695: const { spawn } = require('node:child_process'); L1696: await this.startHlsServer();
    High
    Child Process

    Package source references child process execution.

    main.jsView on unpkg · L1694
    5L6: const utils = require('@iobroker/adapter-core'); L7: const fs = require('node:fs');
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    main.jsView on unpkg · L5
    lib/immi-live-hls.js#virtual:normalized:round1View file
    9const path = require('node:path'); L10: const tls = require('node:tls'); L11: const http = require('node:http'); L12: const { spawn, spawnSync } = require('node:child_process'); L13: L14: const SESSION_JSON = process.argv[2] || process.env.IMMI_SESSION_JSON || '/tmp/blink_liveview_session.json'; L15: const SERIAL = process.env.IMMI_SERIAL || process.env.BLINK_DEVICE_SERIAL || 'G8T1940153360515';
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    lib/immi-live-hls.js#virtual:normalized:round1View on unpkg · L9

    Findings

    2 High3 Medium4 Low
    HighChild Processmain.js
    HighSame File Env Network Executionlib/immi-live-hls.js#virtual:normalized:round1
    MediumSecret Patternlib/blink-video-url-server.json
    MediumDynamic Requiremain.js
    MediumNetwork
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings