since there's no source available, if someone wants to really trust it they'll have to monitor what registry/file locations it reads/writes to/from , and also wireshark it

However, if it truly does mine for OP 2% of the time, personally I'd be more inclined to trust that there's no malware in it (because he wouldn't want to lose his potential income stream)
  
not going to try it myself, but only because I use Nemosminer-MPH when I want to hit MiningPoolHub

just saying