registry  /  @emend-ai/utim  /  1.45.7

@emend-ai/utim@1.45.7

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The package is a thin npm launcher for a Python UTIM CLI and performs lifecycle pre-installation of the Python dependency. This is install-time code execution and supply-chain expansion via pip, but it is package-aligned and no confirmed malicious behavior was found in the npm package source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; running utim triggers first-run installation/launch
Impact
Installs or upgrades the utim-cli Python package; risk depends on the external Python package, not proven malicious in this npm source.
Mechanism
postinstall and CLI spawn Python pip installs, then python -m utim_cli.utim
Rationale
Static inspection shows lifecycle and runtime pip installation of a package-aligned Python engine, which is risky but not evidence of credential theft, persistence, exfiltration, or AI-agent control hijack. Because install-time dependency installation materially expands execution outside npm, this should warn rather than block.
Evidence
package.jsonscripts/postinstall.jsbin/utim.jsos.tmpdir()/utim_install_<timestamp>.lock
Network endpoints5
utim.devgithub.com/emendai/utim/issuesgithub.com/emendai/utim.gitregistry.npmjs.org/python.org

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js.
  • scripts/postinstall.js runs at npm install and invokes python -m pip install --upgrade --quiet utim-cli when Python is found.
  • bin/utim.js auto-installs/updates utim-cli via pip on first CLI run, including --user fallback and pip upgrade.
  • Termux path installs OS packages via pkg during CLI invocation.
Evidence against
  • No code writes Claude/Codex/Cursor/MCP or other foreign AI-agent control surfaces in inspected files.
  • No credential/env harvesting or exfiltration logic found; env use only detects Termux PREFIX.
  • No hardcoded remote C2 endpoints; package metadata links only to utim.dev, GitHub, npm registry, and python.org help text.
  • Install hook only pre-warms the package-aligned Python engine and exits 0 on failure.
  • No eval/vm/Function, dynamic require of remote code, native binary loading, destructive actions, or persistence observed.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 12.8 KB of source, external domains: python.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings