AI Security Review
scanned 21h ago · by lpm-firewall-aiNo confirmed attack surface is present in the extracted package. The manifest defines metadata only, and the only other file is a static README.
Static reason
No blocking static signals were detected.
Trigger
None
Impact
No install-time, import-time, or runtime action is defined.
Mechanism
No executable package behavior
Rationale
Direct inspection found no code or lifecycle hooks. The README's claim about a prior removed payload is not evidence of malicious behavior in this package version.
Evidence
package.jsonREADME.md
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no scripts, dependencies, or executable entrypoints.
- Package contains only `package.json` and `README.md`.
- `README.md` is static text; it contains no executable payload.
- No network, filesystem-write, shell, eval, or credential-handling source exists.
Behavioral surface
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Low
LowNo License