registry  /  mchain-sdk  /  0.0.1-security

mchain-sdk@0.0.1-security

security holding package

AI Security Review

scanned 6h ago · by lpm-firewall-ai

No confirmed attack surface is established by the package contents. The package is a minimal security holding package with no executable entrypoints or lifecycle hooks.

Static reason
No blocking static signals were detected.
Trigger
none
Impact
none
Mechanism
metadata-only placeholder package
Rationale
Read-only inspection found only package.json and README.md, with package.json containing metadata only and no executable or install-time behavior. There is no evidence of exfiltration, remote code execution, persistence, destructive behavior, or AI-agent control-surface mutation.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no scripts, dependencies, bin, main, module, browser, or exports entrypoints.
    • Only package files present are package.json and README.md.
    • Manifest describes a security holding package with repository npm/security-holder.
    • No source files, lifecycle hooks, network endpoints, credential access, shell execution, eval, native loading, persistence, or AI-agent config writes found.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License