AI Security Review
scanned 4h ago · by lpm-firewall-aiThe package is a thin npm launcher for a Python UTIM CLI and performs lifecycle pre-installation of the Python dependency. This is install-time code execution and supply-chain expansion via pip, but it is package-aligned and no confirmed malicious behavior was found in the npm package source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; running utim triggers first-run installation/launch
Impact
Installs or upgrades the utim-cli Python package; risk depends on the external Python package, not proven malicious in this npm source.
Mechanism
postinstall and CLI spawn Python pip installs, then python -m utim_cli.utim
Rationale
Static inspection shows lifecycle and runtime pip installation of a package-aligned Python engine, which is risky but not evidence of credential theft, persistence, exfiltration, or AI-agent control hijack. Because install-time dependency installation materially expands execution outside npm, this should warn rather than block.
Evidence
package.jsonscripts/postinstall.jsbin/utim.jsos.tmpdir()/utim_install_<timestamp>.lock
Network endpoints5
utim.devgithub.com/emendai/utim/issuesgithub.com/emendai/utim.gitregistry.npmjs.org/python.org
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.js.
- scripts/postinstall.js runs at npm install and invokes python -m pip install --upgrade --quiet utim-cli when Python is found.
- bin/utim.js auto-installs/updates utim-cli via pip on first CLI run, including --user fallback and pip upgrade.
- Termux path installs OS packages via pkg during CLI invocation.
Evidence against
- No code writes Claude/Codex/Cursor/MCP or other foreign AI-agent control surfaces in inspected files.
- No credential/env harvesting or exfiltration logic found; env use only detects Termux PREFIX.
- No hardcoded remote C2 endpoints; package metadata links only to utim.dev, GitHub, npm registry, and python.org help text.
- Install hook only pre-warms the package-aligned Python engine and exits 0 on failure.
- No eval/vm/Function, dynamic require of remote code, native binary loading, destructive actions, or persistence observed.
Behavioral surface
ChildProcessEnvironmentVarsFilesystem
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings