This work addresses specification–implementation inconsistencies in Node-RED—a low-code IoT framework—where node implementations deviate from official specifications, particularly concerning implicit information flows unaccounted for in specifications and leading to sensitive data leakage. We present the first systematic, end-to-end consistency verification across all 1,247 official nodes, proposing a CodeQL-based static data-flow analysis method that jointly performs node I/O specification–implementation alignment and security-risk grading. Empirical evaluation reveals that 55% of nodes exhibit undeclared information flows; among a representative sample, 28% pose high-severity and 36% medium-severity security risks. Our study uncovers systemic security vulnerabilities in low-code IoT platforms arising from incomplete specifications and implementation drift, and contributes a reusable, empirically validated detection framework for securing edge programming environments.

Low-code development frameworks for IoT platforms offer a simple drag-and-drop mechanism to create applications for the billions of existing IoT devices without the need for extensive programming knowledge. The security of such software is crucial given the close integration of IoT devices in many highly sensitive areas such as healthcare or home automation. Node-RED is such a framework, where applications are built from nodes that are contributed by open-source developers. Its reliance on unvetted open-source contributions and lack of security checks raises the concern that the applications could be vulnerable to attacks, thereby imposing a security risk to end users. The low-code approach suggests, that many users could lack the technical knowledge to mitigate, understand, or even realize such security concerns. This paper focuses on"hidden"information flows in Node-RED nodes, meaning flows that are not captured by the specifications. They could (unknowingly or with malicious intent) cause leaks of sensitive information to unauthorized entities. We report the results of a conformance analysis of all nodes in the Node-RED framework, for which we compared the numbers of specified inputs and outputs of each node against the number of sources and sinks detected with CodeQL. The results show, that 55% of all nodes exhibit more possible flows than are specified. A risk assessment of a subset of the nodes showed, that 28% of them are associated with a high severity and 36% with a medium severity rating.