AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `emos init`, `emos update`, or `emos update-head`.
Impact
Can install or update `.agents` content and expose it through `.claude` in the user-selected working directory.
Mechanism
Manifest-scoped vault scaffolding, agent-surface setup, and optional git source cloning.
Rationale
Not malicious by static source inspection. Downgrade to warn because an explicit CLI command installs and updates a first-party AI-agent control surface in the caller's vault.
Evidence
package.jsontemplate/.emos/emos.mjstemplate/.emos/manifesttemplate/.agents/skills/import-url/SKILL.md.agents/**.claude.emos/version00-inbox01-weekly02-people03-projects04-decisions05-incidents06-hiring07-strategy08-meetings09-knowledge10-reports
Network endpoints1
github.com/trustmaster/emos.git
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `template/.emos/emos.mjs` runs only via the `emos` bin; package.json has no lifecycle scripts.
- Explicit `emos init` scaffolds the CWD, installs `.agents/**`, and creates/copies `.claude` linked to `.agents`.
- `emos update-head` clones `https://github.com/trustmaster/emos.git` then updates manifest-selected framework files.
- `template/.emos/manifest` declares agent instruction, skill, integration, and role paths as framework-managed.
Evidence against
- No install/preinstall/postinstall hooks or import-time execution in `package.json`.
- No credential harvesting, HTTP client, eval/vm, dynamic code loader, or shell execution beyond argument-based `git clone`.
- Writes are limited to explicit CLI commands and current-working-directory vault paths.
- `template/.agents/skills/import-url/SKILL.md` instructs agents to treat imported instructions as inert and reject exfiltration payloads.
Behavioral surface
Source & flagged code
1 flagged · loading sourcetemplate/emos.cmdView file
•path = template/emos.cmd
kind = build_helper
sizeBytes = 183
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
template/emos.cmdView on unpkgFindings
1 Medium
MediumShips Build Helpertemplate/emos.cmd