registry  /  @emend-ai/utim  /  1.44.3

@emend-ai/utim@1.44.3

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 16h ago · by lpm-firewall-ai

The npm package is a thin launcher that installs a Python package named utim-cli at npm install time and on first CLI run. This creates unresolved lifecycle risk because executable code is pulled through pip outside npm dependency metadata, but the observed behavior is package-aligned and not a confirmed attack.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; running utim triggers first-run installation and launch
Impact
Installs and runs a package-aligned Python AI coding assistant with broad user-invoked workspace capabilities; no confirmed malicious exfiltration or control hijack in inspected npm source
Mechanism
install-time pip prewarm plus CLI pip bootstrap for Python agent engine
Attack narrative
On installation, scripts/postinstall.js looks for Python, chmods bin/utim.js, and silently runs pip install --upgrade --quiet utim-cli. The utim bin repeats pip installation if utim-cli is missing, then executes python -m utim_cli.utim. The README documents a powerful local AI coding assistant, but the inspected npm files do not plant instructions into other agents, persist daemons, harvest secrets, or exfiltrate data.
Rationale
Warn because the lifecycle hook installs executable Python code via pip outside npm's declared dependency graph, and the launched product is a high-capability coding agent. Do not block because the behavior is transparent, package-aligned, and no malicious source behavior or unconsented foreign AI-agent control mutation was found in the npm package.
Evidence
package.jsonscripts/postinstall.jsbin/utim.jsREADME.md

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js also auto-installs/updates utim-cli with pip on first CLI run
  • bin/utim.js launches python -m utim_cli.utim with user args after install
  • README.md describes an autonomous AI coding assistant with file writes, shell commands, MCP, memory, and auto-accept in non-interactive task mode
Evidence against
  • No credential harvesting or exfiltration code found in npm wrapper files
  • No foreign AI-agent control-surface writes such as .mcp.json, CLAUDE.md, Cursor, or Codex settings found
  • Lifecycle hook is package-aligned: it prewarms the documented UTIM Python engine and exits 0 on failure
  • No eval/vm/Function or obfuscated payloads found
  • Only package files present are package.json, scripts/postinstall.js, bin/utim.js, README.md, LICENSE
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: python.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings