registry  /  speed5  /  0.0.1-security

speed5@0.0.1-security

security holding package

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No executable attack surface is present in this package version. The inspected source is a metadata-only security placeholder.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No confirmed package behavior can affect the host, files, credentials, network, or agent controls.
Mechanism
No executable behavior
Rationale
The shipped speed5@0.0.1-security source contains no executable code or lifecycle hooks. README.md's historical claim is not evidence of malicious behavior in this placeholder version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md states this is a security holding package and claims an earlier package contained malicious code.
Evidence against
  • package.json contains only package metadata; no scripts, entrypoints, dependencies, or binaries.
  • The package directory contains only package.json and README.md.
  • No install-time or runtime code, network endpoint, file mutation, shell execution, or payload is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence