registry  /  install-skia  /  0.0.1-security

install-skia@0.0.1-security

security holding package

AI Security Review

scanned 7h ago · by lpm-firewall-ai

No confirmed attack surface is present in this package version. It contains only metadata and a non-executable README.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No package-originated code executes or modifies data.
Mechanism
No install-time or runtime behavior.
Rationale
Direct inspection finds no executable source, lifecycle hook, dependency, or entrypoint. The current published package is a non-executable security holder, so no malicious behavior is established.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json contains no lifecycle scripts, entrypoints, dependencies, or executable configuration.
    • Only package files are package.json and README.md; neither contains executable code or network/credential/file operations.
    • README.md describes this as a security holding package and says prior malicious code was removed.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License