Version 2.0.2:

• Fixed a problem where, for certain untrusted package signatures, the individual certificates may have been shown as valid (when the certificate details were disclosed). The overall package signature status was always shown correctly -- as untrusted -- but the per-certificate status might have been inconsistent with that top-level untrustworthiness.
• Fixed a problem where a package with a damaged BOM file would not be reported as an error.
• Fixed a problem where certain packages that could be installed into the user's home directory (such as Suspicious Package's own package!) would not be designated as such.
• Fixed a problem with the icons on folders with omitted contents (in packages with an exceptionally large number of files). On OS X 10.11 (El Capitan), these were being shown with a generic document icon, instead of a "private" folder icon.

http://www.mothersruin.com/software/SuspiciousPackage/download.html