registry  /  @emend-ai/utim  /  1.46.5

@emend-ai/utim@1.46.5

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package is a thin npm launcher/bootstrapper for a Python package. Risk comes from install-time and first-run pip installation of the package-aligned utim-cli engine, whose source is not included here.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced a dangerous source file.
Trigger
npm install postinstall, or running the utim bin
Impact
Executes code from an external Python package as part of setup/runtime, but no confirmed malicious behavior is present in the inspected npm source.
Mechanism
The postinstall script and the CLI bootstrapper invoke pip, then launch the Python module.
Rationale
Source inspection confirms package-aligned install-time pip bootstrapping, which is risky enough to warn but not enough to block without malicious behavior in the npm source. Scanner shell and environment findings are explained by the launcher/install workflow.
Evidence
  • package.json
  • scripts/postinstall.js
  • bin/utim.js
  • README.md

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade --quiet utim-cli during npm install
  • bin/utim.js auto-installs utim-cli with pip on first CLI run if missing
  • bin/utim.js launches python -m utim_cli.utim with user args
  • bin/utim.js can install Termux packages/build tools via pkg when run
Evidence against
  • No code found harvesting credentials, npm tokens, ssh keys, or env secrets
  • No exfiltration endpoint or HTTP client code in package source
  • Postinstall target is package-aligned utim-cli engine, not a foreign AI-agent control surface
  • No eval/vm/Function or obfuscated payload strings found
  • No persistence or destructive filesystem behavior beyond chmod and temporary lock cleanup
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 12.8 KB of source, external domains: python.org

Source & flagged code

3 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

bin/utim.js
matchType = previous_version_dangerous_delta
matchedPackage = @emend-ai/utim@1.46.2
matchedIdentity = npm:QGVtZW5kLWFpL3V0aW0:1.46.2
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.


Findings

2 High · 2 Medium · 3 Low
High · Install Time Lifecycle Scripts · package.json
High · Previous Version Dangerous Delta · bin/utim.js
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · Url Strings