Looks neat but what about security? Can the json be configured in a way that compromises the data stored on the device. Aren't you basically allowing Jason agent to run any custom code?
Each page is sandboxed and it displays an intro page describing which device features the next page will access when you run it for the first time (or when there's a code change even if you had it favorited earlier). Also you can look at the raw JSON to see what's inside before opening. But yes I think security is important and will be one of my top priorities going forward.
