registry  /  @emend-ai/utim  /  1.44.7

@emend-ai/utim@1.44.7

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The npm package is a thin launcher that installs a Python package named utim-cli at install time or first run. This is a real lifecycle download/execute surface, but the inspected npm source does not show concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; running utim triggers first-run installer and launcher
Impact
Installs and executes external Python package code outside this npm tarball; no confirmed exfiltration, persistence, or agent control hijack in inspected source
Mechanism
lifecycle and CLI pip installation of package-aligned Python engine
Attack narrative
On npm install, scripts/postinstall.js looks for Python, chmods bin/utim.js on Unix, and silently runs pip install --upgrade --quiet utim-cli. If that prewarm does not happen or fails, bin/utim.js repeats pip installation on first utim execution and then launches python -m utim_cli.utim. The npm source itself contains no credential collection, obfuscation, destructive action, or foreign AI-agent control-surface writes.
Rationale
The package has unresolved supply-chain risk because it downloads and installs a separate PyPI engine from an npm lifecycle hook, but the behavior is clearly package-aligned and no concrete malicious attack behavior is present in the inspected source. Warn rather than block.
Evidence
package.jsonscripts/postinstall.jsbin/utim.jsREADME.mdPython site-packages via pip install utim-cli

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js auto-installs/upgrades utim-cli with pip on first CLI run if missing
  • bin/utim.js launches python -m utim_cli.utim and forwards user args
Evidence against
  • No code writes Claude/Codex/Cursor/MCP control-surface files in the npm package
  • No credential harvesting, secret file reads, or exfiltration logic found
  • No eval/vm/Function or obfuscated payloads found
  • Network behavior is package-aligned dependency installation rather than hardcoded exfil endpoint
  • postinstall failures are swallowed and do not persist daemons or hooks
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: python.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings