@emend-ai/utim@1.43.20

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

The package is an npm launcher for a Python CLI and uses install-time/first-run bootstrapping to install the utim-cli Python package. This is elevated supply-chain behavior but is plainly aligned with the package purpose and no malicious code path was found in the inspected npm source.

Static reason: One or more suspicious static signals were detected.
Trigger: npm install postinstall or user running utim
Impact: Installs/upgrades the utim-cli Python package from the user's configured pip index, then runs python -m utim_cli.utim with user arguments.
Mechanism: pip bootstrap and Python module launcher
Rationale: Direct inspection found a lifecycle hook and CLI that install and launch a Python companion package, but the behavior is transparent, package-aligned, and lacks concrete malicious actions such as secret collection, exfiltration, persistence, or unconsented AI-agent control-surface mutation. The risky primitives are explained by the wrapper design rather than an attack payload.
Evidence: package.json, scripts/postinstall.js, bin/utim.js, README.md
Network endpoints (5): utim.dev, github.com/emendai/utim/issues, github.com/emendai/utim.git, registry.npmjs.org/, python.org

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js auto-installs/upgrades utim-cli via pip on first run if missing
  • Termux path can run pkg install and pip upgrades before launching
Evidence against
  • Source package contains only package.json, README.md, LICENSE, bin/utim.js, scripts/postinstall.js
  • No credential harvesting, env dumping, destructive filesystem traversal, persistence, or exfiltration code found
  • Network/install behavior is package-aligned: npm wrapper bootstraps documented Python UTIM engine
  • No obfuscated strings, eval/vm/Function, dynamic remote URL execution, or AI-agent config/control-surface writes found
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: python.org

Source & flagged code

2 flagged

package.json
  scripts.postinstall = node scripts/postinstall.js
  High: Install Time Lifecycle Scripts
  Package defines install-time lifecycle scripts.

  scripts.postinstall = node scripts/postinstall.js
  Medium: Ambiguous Install Lifecycle Script
  Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High, 2 Medium, 3 Low
High: Install Time Lifecycle Scripts (package.json)
Medium: Ambiguous Install Lifecycle Script (package.json)
Medium: Environment Vars
Low: Scripts Present
Low: Filesystem
Low: Url Strings