@emend-ai/utim@1.44.9

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The npm package is a thin launcher/installer for a Python AI coding assistant. The unresolved risk is install-time and first-run installation of external Python packages, plus documented agent capabilities, not confirmed malware in the inspected npm source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; running utim triggers first-run engine install and launch
Impact
Installs and executes external Python package utim-cli with broad developer-assistant capabilities if used
Mechanism
npm postinstall lifecycle hook that pre-installs a PyPI package via pip, plus a CLI-side pip bootstrap on first run, for an agentic coding assistant
Attack narrative
On npm install, the postinstall script finds Python, chmods the package CLI, and silently attempts to install or upgrade the PyPI package utim-cli. On later utim execution, the launcher checks for utim-cli, installs it if missing, and runs python -m utim_cli.utim with user arguments. The README documents a coding agent that can write files and run commands, with safeguards, but the inspected npm files do not plant foreign agent configuration, harvest secrets, or exfiltrate data.
Rationale
This is not clean because install-time code fetches and installs an external Python engine for an AI coding agent, creating a real lifecycle and capability risk. It is not classed as malicious because, in the inspected source, the behavior is package-aligned and no unconsented foreign agent-control mutation, exfiltration, persistence, or destructive behavior was found.
Evidence
package.json, scripts/postinstall.js, bin/utim.js, README.md

Decision evidence

public snapshot
The AI classifier rated this Suspicious (86.0% confidence), category Dangerous Capability, with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node scripts/postinstall.js
  • scripts/postinstall.js silently runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js installs/upgrades utim-cli, pip, setuptools, wheel, and Termux packages on first CLI run
  • README describes an agentic coding assistant capable of file writes, command execution, MCP setup, and non-interactive auto-accept task mode
Evidence against
  • No source writes Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces during npm install
  • No credential harvesting, secret file reads, destructive commands, persistence, or exfiltration found in npm package source
  • postinstall failure exits 0 and only chmods package bin besides pip pre-warm
  • CLI behavior is package-aligned launcher for the Python utim-cli engine
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: python.org

Source & flagged code

2 flagged

package.json
scripts.postinstall = node scripts/postinstall.js
High · Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium · Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High · 2 Medium · 3 Low
High · Install Time Lifecycle Scripts · package.json
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · Url Strings