registry  /  n8n-nodes-mcputils  /  0.0.1-security

n8n-nodes-mcputils@0.0.1-security

security holding package

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed attack surface in this placeholder version. The package contains only metadata and README advisory text, with no executable entrypoint or lifecycle hook.

Static reason
No blocking static signals were detected.
Trigger
npm install or package import
Impact
No source-confirmed malicious behavior for this version.
Mechanism
security holding package with no executable code
Rationale
Static inspection shows this 0.0.1-security version is an npm security holding placeholder with no executable code or install-time behavior. Prior malicious-package context in the README does not create an active attack surface in the inspected package contents.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md says this is an npm security holding package for a removed malicious package, but contains no active payload itself.
Evidence against
  • package.json has no scripts, lifecycle hooks, bin, main, module, browser, dependencies, or files entries.
  • Only package files present are package.json and README.md.
  • README.md is advisory placeholder text only; no executable source code.
  • No child_process, eval, dynamic import/require, credential access, agent config writes, or package code network calls found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence