AI Security Review
scanned 16h ago · by lpm-firewall-aiNo confirmed executable attack surface exists in the inspected package. It is a non-executable holding manifest and README.
Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No package-originated impact established.
Mechanism
No runtime or install-time behavior.
Rationale
The extracted version contains only a minimal manifest and documentation, with no lifecycle scripts, entrypoints, dependencies, or executable files. Although the README describes a security placeholder, the present source establishes no malicious behavior.
Evidence
package.jsonREADME.md
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
- `README.md` states this is a security holding package replacing removed code.
Evidence against
- `package.json` has no `scripts` lifecycle hooks.
- `package.json` defines no `main`, `bin`, `exports`, or dependency entries.
- Package contains only `package.json` and `README.md`; no executable source or payload files exist.
- No network, shell, credential, file-write, or agent-control code is present.
Behavioral surface
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
2 Low
LowNo License
LowAi Review Evidence