registry  /  @emend-ai/utim  /  1.46.27

@emend-ai/utim@1.46.27

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package performs an npm postinstall pre-warm that can install the package-aligned Python engine utim-cli via pip. The CLI can also install that engine on first run and then execute it.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install postinstall, or user runs the utim bin
Impact
Unconsented install-time mutation of the user's Python environment and execution of code fetched from package indexes, but no confirmed malicious exfiltration or control-surface hijack in this package source.
Mechanism
package-aligned pip bootstrap and Python module launch
Rationale
The concerning behavior is a package-owned Python engine bootstrap at npm postinstall/first run, not a confirmed malicious chain. Because it mutates the Python environment and fetches executable dependencies at install/runtime, it warrants a warning rather than a publish block.
Evidence
package.jsonscripts/postinstall.jsbin/utim.jsREADME.md
Network endpoints7
api.github.com/repos/Eutalix/android-pydantic-core/releases/latesteutalix.github.io/android-pydantic-core/termux-user-repository.github.io/pypi/registry.npmjs.org/utim.devgithub.com/emendai/utim/issuesgithub.com/emendai/utim.git

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js auto-installs utim-cli via pip on first CLI run if missing
  • bin/utim.js Termux path downloads pydantic-core release metadata/wheels from GitHub and uses extra package indexes
  • bin/utim.js launches Python module utim_cli.utim with user args after install
Evidence against
  • No credential/env harvesting beyond Termux PREFIX detection found
  • No AI-agent config/control-surface writes such as .codex, Claude, Cursor, or MCP config mutation found
  • Network/install behavior is package-aligned to UTIM's Python engine rather than an unrelated payload
  • No obfuscation, eval/vm/Function, or hidden decoded strings found
  • Postinstall exits successfully on failures and does not persist beyond pip installation
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 15.6 KB of source, external domains: api.github.com, eutalix.github.io, python.org, termux-user-repository.github.io

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/utim.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @emend-ai/utim@1.46.15 matchedIdentity = npm:QGVtZW5kLWFpL3V0aW0:1.46.15 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/utim.jsView on unpkg

Findings

2 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltabin/utim.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings