
@emend-ai/utim@1.46.13

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The npm wrapper performs install-time and first-run setup of a Python package named utim-cli. This creates real remote package execution/supply-chain risk, but source inspection shows package-aligned behavior rather than a confirmed malicious chain.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.
Trigger
npm install runs postinstall; running the utim bin triggers first-run setup and launch
Impact
Installs and executes a package-aligned Python CLI agent; no confirmed credential theft or destructive behavior in inspected npm source
Mechanism
postinstall/launcher pip installation and Python module execution
Rationale
The package has a genuine install-time remote setup surface and launches a powerful AI coding assistant, so a warning is warranted. Source facts indicate package-aligned bootstrap behavior, not concrete malware or an unconsented hijack of a foreign AI-agent control surface.
Evidence
  • package.json
  • scripts/postinstall.js
  • bin/utim.js
  • README.md
  • /tmp/utim_install_<timestamp>.lock
Network endpoints (5)
  • raw.githubusercontent.com/Eutalix/android-pydantic-core/main/install_pydantic_core.sh
  • eutalix.github.io/android-pydantic-core/
  • termux-user-repository.github.io/pypi/
  • python.org
  • utim.dev

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install when Python exists
  • bin/utim.js auto-installs utim-cli on first run and can run curl | bash on Termux for pydantic-core setup
  • bin/utim.js launches python -m utim_cli.utim with user CLI args
Evidence against
  • Postinstall is described as best-effort prewarm and exits 0 on failure
  • No credential/env harvesting, npm token reads, or exfiltration code found in package files
  • Network/install activity is package-aligned with installing the documented Python engine
  • No AI-agent config files or foreign control surfaces are modified by the npm package
  • No obfuscation, eval/vm/Function, native binary loading, or persistence logic found
Behavioral surface
Source
Child Process · Environment Vars · Filesystem
Supply chain
Url Strings
Manifest
No manifest risk signals triggered.
scanned 2 file(s), 13.8 KB of source, external domains: eutalix.github.io, python.org, raw.githubusercontent.com, termux-user-repository.github.io

Source & flagged code

3 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
bin/utim.js
matchType = previous_version_dangerous_delta
matchedPackage = @emend-ai/utim@1.46.12
matchedIdentity = npm:QGVtZW5kLWFpL3V0aW0:1.46.12
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/utim.js

Findings

2 High · 2 Medium · 3 Low
  • High · Install Time Lifecycle Scripts · package.json
  • High · Previous Version Dangerous Delta · bin/utim.js
  • Medium · Ambiguous Install Lifecycle Script · package.json
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · Url Strings