AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed attack surface exists in this published package version. It is metadata plus a security-holder README, with no executable entrypoint or install hook.
Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No package-originated runtime, install-time, network, or filesystem action established.
Mechanism
No executable behavior present.
Rationale
Direct inspection shows that the current version is an inert security holding package, not the previously removed malicious release. The README's historical warning does not constitute executable attack behavior in this package version.
Evidence
package.jsonREADME.md
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
- README.md states this is a security holding placeholder for previously removed code.
Evidence against
- package.json contains metadata only; no scripts, bin, or runtime entrypoints.
- Package contains only package.json and README.md; no executable source or payload files.
- No lifecycle hooks, network endpoints, file writes, credential access, or dynamic execution were found.
Behavioral surface
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
2 Low
LowNo License
LowAi Review Evidence