registry  /  emos-vault  /  0.2.7

emos-vault@0.2.7

Everyone's Markdown Organizer System — a role-aware, agent-friendly Markdown vault for engineering managers, ICs, PMs, and directors. Plain files you own; works with any editor and any AGENTS.md / Agent Skills harness. Scaffold and update via the CLI.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `emos init`, `emos update`, or `emos update-head`.
Impact
Can install or update `.agents` content and expose it through `.claude` in the user-selected working directory.
Mechanism
Manifest-scoped vault scaffolding, agent-surface setup, and optional git source cloning.
Rationale
Not malicious by static source inspection. Downgrade to warn because an explicit CLI command installs and updates a first-party AI-agent control surface in the caller's vault.
Evidence
package.jsontemplate/.emos/emos.mjstemplate/.emos/manifesttemplate/.agents/skills/import-url/SKILL.md.agents/**.claude.emos/version00-inbox01-weekly02-people03-projects04-decisions05-incidents06-hiring07-strategy08-meetings09-knowledge10-reports
Network endpoints1
github.com/trustmaster/emos.git

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `template/.emos/emos.mjs` runs only via the `emos` bin; package.json has no lifecycle scripts.
  • Explicit `emos init` scaffolds the CWD, installs `.agents/**`, and creates/copies `.claude` linked to `.agents`.
  • `emos update-head` clones `https://github.com/trustmaster/emos.git` then updates manifest-selected framework files.
  • `template/.emos/manifest` declares agent instruction, skill, integration, and role paths as framework-managed.
Evidence against
  • No install/preinstall/postinstall hooks or import-time execution in `package.json`.
  • No credential harvesting, HTTP client, eval/vm, dynamic code loader, or shell execution beyond argument-based `git clone`.
  • Writes are limited to explicit CLI commands and current-working-directory vault paths.
  • `template/.agents/skills/import-url/SKILL.md` instructs agents to treat imported instructions as inert and reject exfiltration payloads.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
template/emos.cmdView file
path = template/emos.cmd kind = build_helper sizeBytes = 183 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

template/emos.cmdView on unpkg

Findings

1 Medium
MediumShips Build Helpertemplate/emos.cmd