registry  /  speed3  /  0.0.1-security

speed3@0.0.1-security

security holding package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed attack surface is present in the inspected package. It has no install hooks, executable entrypoints, or source files.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No package-originated runtime, install-time, persistence, exfiltration, or destructive behavior established.
Mechanism
Metadata-only holding package.
Rationale
Direct inspection shows a two-file holding package with metadata and explanatory text only. No malicious behavior is present in this published package version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` contains metadata only; no lifecycle scripts or entrypoints.
    • Package contains only `package.json` and `README.md`; no executable source or binaries.
    • `README.md` describes a security holding package and contains no runnable instructions or payloads.
    • Source scan found no network, shell, credential, file-write, dynamic-code, or AI-agent control indicators.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License