registry  /  @akshajrawat/plugin-repo-cli  /  0.0.1-security

@akshajrawat/plugin-repo-cli@0.0.1-security

security holding package

AI Security Review

scanned 15h ago · by lpm-firewall-ai

No confirmed executable attack surface exists in the inspected package. It is a non-executable holding manifest and README.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No package-originated impact established.
Mechanism
No runtime or install-time behavior.
Rationale
The extracted version contains only a minimal manifest and documentation, with no lifecycle scripts, entrypoints, dependencies, or executable files. Although the README describes a security placeholder, the present source establishes no malicious behavior.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `README.md` states this is a security holding package replacing removed code.
Evidence against
  • `package.json` has no `scripts` lifecycle hooks.
  • `package.json` defines no `main`, `bin`, `exports`, or dependency entries.
  • Package contains only `package.json` and `README.md`; no executable source or payload files exist.
  • No network, shell, credential, file-write, or agent-control code is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence