
@emend-ai/utim@1.46.12

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time and first-run behavior installs a Python engine package named utim-cli. This is a risky package-manager bridge but appears aligned with the declared CLI wrapper purpose, without confirmed malicious payload in the npm source.

Static reason: One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.

Trigger: npm install runs postinstall; running utim triggers first-run self-install and launch.

Impact: Downloads/executes package-aligned Python dependency code outside npm's package contents; no source evidence of exfiltration, persistence, or control-surface hijack.

Mechanism: child_process invokes Python pip/pkg installers and then runs utim_cli.utim.

Rationale: The suspicious primitives are real: postinstall and CLI runtime call pip/pkg installers, including silent pre-warm during npm install. Static inspection shows this behavior is openly package-aligned as a Node wrapper for a Python UTIM CLI and lacks concrete malicious actions, so it should not be blocked.

Evidence:
  • package.json
  • scripts/postinstall.js
  • bin/utim.js
  • bin/utim.js chmod 0755
  • os.tmpdir()/utim_install_<timestamp>.lock

Network endpoints (5):
  • eutalix.github.io/android-pydantic-core/
  • termux-user-repository.github.io/pypi/
  • registry.npmjs.org/
  • utim.dev
  • github.com/emendai/utim

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall script at npm install time.
  • scripts/postinstall.js silently invokes Python pip install --upgrade --quiet utim-cli when Python is present.
  • bin/utim.js auto-installs utim-cli from pip on first CLI run and launches python -m utim_cli.utim.
  • bin/utim.js Termux path can run pkg install/update and uses extra package indexes.
Evidence against
  • No credential/env harvesting beyond Termux detection via PREFIX.
  • No data exfiltration logic or package-authored network client code found.
  • Network activity is package-aligned dependency installation from pip/package indexes.
  • No AI-agent config/control-surface writes found.
  • No eval/vm/Function, obfuscation, native binary, or destructive filesystem logic found.
Behavioral surface
  • Source: ChildProcess, EnvironmentVars, Filesystem
  • Supply chain: UrlStrings
  • Manifest: No manifest risk signals triggered.

Scanned 2 file(s), 13.6 KB of source. External domains: eutalix.github.io, python.org, termux-user-repository.github.io

Source & flagged code

3 flagged

package.json
scripts.postinstall = node scripts/postinstall.js
High: Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium: Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

bin/utim.js
matchType = previous_version_dangerous_delta
matchedPackage = @emend-ai/utim@1.46.10
matchedIdentity = npm:QGVtZW5kLWFpL3V0aW0:1.46.10
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High: Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

Findings

2 High, 2 Medium, 3 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • High: Previous Version Dangerous Delta (bin/utim.js)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings