airiot
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS)
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The authentication documentation in auth.md explicitly recommends using SHA1 to hash passwords before transmission. SHA1 is a deprecated and cryptographically broken algorithm that is highly vulnerable to brute-force and collision attacks.
- CREDENTIALS_UNSAFE (MEDIUM): The auth.md and getting-started.md files recommend storing sensitive authentication tokens in localStorage or sessionStorage. This pattern is risky because these storage mechanisms are accessible to any script on the page, making tokens susceptible to theft via Cross-Site Scripting (XSS) attacks.
- EXTERNAL_DOWNLOADS (MEDIUM): An automated security scan (URLite) flagged the domain userApi.co as a malicious URL. While the string is not literally present in the provided documentation snippets, the library uses the variable name userAPI as a primary entry point for its core functionality, suggesting a potential configuration risk or an intended endpoint for the library's network operations.
- EXTERNAL_DOWNLOADS (LOW): The library requires a wide range of peer dependencies, including axios, lodash, and crypto-js. This broad dependency tree increases the supply chain risk surface for any application integrating this client library.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata