AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed attack surface exists in this package version. It contains metadata and a documentation-only security placeholder.
Static reason
No blocking static signals were detected.
Trigger
None
Impact
No install-time or runtime package action.
Mechanism
No executable behavior
Rationale
Direct inspection shows speed4@0.0.1-security is a non-executable holding package. The README's historical statement does not establish malicious behavior in the inspected version.
Evidence
package.jsonREADME.md
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
- README.md states this is a security holding package for a removed malicious package.
Evidence against
- package.json has no scripts, dependencies, bin, or runtime entrypoints.
- Package contains only package.json and README.md.
- No executable source, network endpoint, file mutation, or payload is present.
Behavioral surface
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
2 Low
LowNo License
LowAi Review Evidence