AI Security Review
scanned 18h ago · by lpm-firewall-aiNo confirmed attack surface in this package version. It is a metadata-only security holding package.
Static reason
No blocking static signals were detected.
Trigger
None
Impact
No package-originated execution, persistence, or exfiltration observed
Mechanism
No executable package behavior
Rationale
Direct inspection found only a minimal manifest and README with no executable entrypoints or lifecycle hooks. The README's historical notice does not establish malicious behavior in version 0.0.1-security.
Evidence
package.jsonREADME.md
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
- README.md states this is a security holding package for a previously removed release.
Evidence against
- package.json has no scripts, dependencies, bin, or code entrypoints.
- Package contains only package.json and README.md.
- No install-time, import-time, network, file, shell, or dynamic-execution code exists.
Behavioral surface
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
2 Low
LowNo License
LowAi Review Evidence