@emend-ai/utim@1.44.5

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package is a thin npm launcher that pre-installs an unpinned Python package, utim-cli, during npm postinstall and again on first CLI run if missing. This is real install-time remote dependency acquisition, but the inspected package source does not show concrete malicious behavior itself.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install or running utim
Impact
Executes pip/package-manager installation paths on the user's machine; downstream behavior depends on utim-cli from Python packaging.
Mechanism
lifecycle pip install of package-aligned Python engine
Attack narrative
On npm install, scripts/postinstall.js searches for Python, chmods the bundled CLI, and silently runs pip install --upgrade --quiet utim-cli. If that did not happen, bin/utim.js repeats the install on first use and then launches python -m utim_cli.utim with user arguments. This creates lifecycle risk through unpinned secondary package installation, but source inspection found no exfiltration, persistence, destructive behavior, or foreign AI-agent control-surface mutation in the npm package itself.
Rationale
Unconsented npm lifecycle installation of an unpinned Python engine is a meaningful supply-chain risk, but it is package-aligned and no concrete malicious payload or control-surface hijack is present in the inspected files. Warn rather than block.
Evidence
  • package.json
  • scripts/postinstall.js
  • bin/utim.js
  • README.md
  • Python site-packages for utim-cli
  • Termux python-cryptography/python-pydantic packages
Network endpoints (5)
  • registry.npmjs.org
  • utim.dev
  • github.com/emendai/utim/issues
  • github.com/emendai/utim.git
  • python.org

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js installs/upgrades utim-cli with pip on first CLI run if missing
  • bin/utim.js can install Termux packages via pkg before pip setup
Evidence against
  • No code writes Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces
  • No credential/env harvesting or exfiltration logic found in packaged JS files
  • No direct HTTP client, eval/vm/Function, dynamic require, native binary loading, or obfuscated payloads found
  • Postinstall chmod is limited to package bin/utim.js
  • Behavior is package-aligned as an npm launcher for a Python CLI engine
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: python.org

Source & flagged code

2 flagged

scripts.postinstall = node scripts/postinstall.js
High: Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
File: package.json

scripts.postinstall = node scripts/postinstall.js
Medium: Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
File: package.json

Findings

1 High, 2 Medium, 3 Low
High: Install Time Lifecycle Scripts (package.json)
Medium: Ambiguous Install Lifecycle Script (package.json)
Medium: Environment Vars
Low: Scripts Present
Low: Filesystem
Low: Url Strings