
@emend-ai/utim@1.46.2

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package has an install-time hook that pre-installs a Python engine, and a runtime launcher that installs and runs the same engine if it is missing. This matches the package's stated purpose, but it creates install-hook supply-chain risk: code is fetched and installed via pip, outside npm's lockfile and integrity checks, during install and again on first run.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; running utim triggers first-run installation and launch
Impact
Installs and executes the package-owned Python CLI engine; no confirmed malicious payload or exfiltration in npm wrapper source
Mechanism
postinstall/CLI pip installation and Python module launch
Rationale
Static source inspection shows a real install-time remote package installation primitive, but it is disclosed/package-aligned and no concrete malicious behavior is present in the npm package source. Treat as suspicious install-hook risk rather than publish-block malware.
Evidence
  • package.json
  • scripts/postinstall.js
  • bin/utim.js
  • README.md
  • os.tmpdir()/utim_install_*.lock
Network endpoints (5)
  • utim.dev
  • github.com/emendai/utim/issues
  • github.com/emendai/utim.git
  • registry.npmjs.org
  • python.org

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js silently runs python -m pip install --upgrade --quiet utim-cli during npm install
  • scripts/postinstall.js chmods bin/utim.js on Unix platforms
  • bin/utim.js auto-installs utim-cli, upgrades pip, and installs Termux system packages on first run
  • bin/utim.js launches python -m utim_cli.utim with user args
Evidence against
  • No credential harvesting, broad file collection, or exfiltration code found in package files
  • No eval/vm/Function or obfuscated payloads found
  • Network behavior is package-aligned dependency installation via pip for utim-cli
  • No AI-agent config/control-surface writes such as .codex, .cursor, or .claude found
  • README describes UTIM as a local AI coding CLI and matches launcher behavior
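As an added example (not code from @emend-ai/utim and not the scanner's own logic), the following Node script reproduces the kind of static triage the evidence above describes: it finds install-time lifecycle hooks in package.json, resolves a `node <file>` hook to the script it runs, and checks that source for process spawning, pip installs, Python module launches, direct network fetches and dynamic evaluation. The package.json and postinstall.js it scans are constructed stand-ins that mirror the signals listed above; the signal names, the severity rule and the `auditInstallScripts` function are this example's own assumptions, not the scanner's.

```javascript
// Added example (not part of @emend-ai/utim or of lpm-firewall-ai): static triage
// of npm install-time lifecycle scripts for the signals this page reports.
// SAMPLE_PKG and SAMPLE_FILES are constructed stand-ins, not the package's files.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Each signal inspects the hook's source (or its inline command) for a
// capability that matters at install time. Names are this example's own.
const SIGNALS = {
  // spawns processes: execSync/execFileSync/spawn all come from child_process
  child_process: src => /child_process/.test(src),
  // pip invoked with an install verb, in shell-string or argv form
  pip_install: src => /\bpip\b/.test(src) && /\binstall\b/.test(src),
  // launches a Python module (python -m ...), in shell-string or argv form
  python_launch: src => /python3?['"]?,?\s*\[?['"]?-m\b/.test(src),
  // pulls bytes from the network directly
  remote_fetch: src => /\b(curl|wget)\b|https?:\/\//.test(src),
  // runs code that static inspection cannot see
  dynamic_eval: src => /\beval\(|new Function\(|require\(['"]vm['"]\)/.test(src),
};

// Signals meaning code arrives from outside npm's lockfile and integrity checks
const HIGH = new Set(['pip_install', 'remote_fetch', 'dynamic_eval']);

// Returns one finding per install-time hook defined in package.json.
// `files` maps repo-relative paths to source text so that a hook of the form
// "node scripts/x.js" can be resolved to the script it actually runs.
function auditInstallScripts(pkg, files) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (!command) continue;
    const m = command.match(/^node\s+(\S+)/);
    const target = m ? m[1] : null;
    // scan the referenced file when we have it, else the command string itself
    const src = target && files[target] !== undefined ? files[target] : command;
    const signals = Object.keys(SIGNALS).filter(id => SIGNALS[id](src));
    let severity = 'low';                                    // hook exists, nothing notable
    if (signals.length) severity = 'medium';                 // spawns or touches the system
    if (signals.some(id => HIGH.has(id))) severity = 'high'; // fetches or hides code
    findings.push({ hook, command, target, signals, severity });
  }
  return findings;
}

// Consumer-side mitigation: `npm install --ignore-scripts` (or ignore-scripts=true
// in .npmrc) installs the files without running any hook; the hook can then be
// read and run deliberately if the package really needs it.

// Constructed sample mirroring the evidence listed on this page.
const SAMPLE_PKG = {
  name: '@example/wrapper',
  scripts: { postinstall: 'node scripts/postinstall.js', test: 'node test.js' },
};
const SAMPLE_FILES = {
  'scripts/postinstall.js': [
    "const { execFileSync } = require('child_process');",
    "const fs = require('fs');",
    "execFileSync('python', ['-m', 'pip', 'install', '--upgrade', '--quiet', 'utim-cli'], { stdio: 'ignore' });",
    "if (process.platform !== 'win32') fs.chmodSync('bin/utim.js', 0o755);",
  ].join('\n'),
};

console.log(JSON.stringify(auditInstallScripts(SAMPLE_PKG, SAMPLE_FILES), null, 2));
```

Run with `node audit.js`. On the constructed sample it reports one `postinstall` finding carrying the child_process, pip_install and python_launch signals at high severity, which is the same shape as the warning evidence above; a package with no install-time hooks yields an empty list.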
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 12.8 KB of source, external domains: python.org

Source & flagged code

2 flagged

package.json
scripts.postinstall = node scripts/postinstall.js
High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium · Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High, 2 Medium, 3 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings