registry  /  flick-test-app  /  0.0.1-security

flick-test-app@0.0.1-security

security holding package

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed executable attack surface exists in this package version. The manifest is metadata-only and contains no lifecycle or runtime entrypoint.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No source-backed malicious behavior identified.
Mechanism
No executable behavior present.
Rationale
Static source inspection finds a metadata-only holding package with no code or install-time behavior. The README's historical statement is not evidence of malicious behavior in the inspected version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `README.md` states this is a security holding placeholder for a previously removed package.
Evidence against
  • `package.json` has no scripts, dependencies, entrypoints, bins, or install hooks.
  • Package contains only `package.json` and `README.md`; no executable source, binaries, or payload files were found.
  • No network endpoints, file writes, credential access, shell execution, dynamic loading, or agent-control configuration are present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence