
@emend-ai/utim@1.46.7

UTIM – Universal Terminal Intelligence Manager. An agentic AI coding assistant for your terminal.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM rates this as a warn-only, first-party agent-extension lifecycle risk. The package is a thin npm launcher that installs a Python UTIM engine. The risk is install-time remote dependency installation via pip; the inspected source does not show exfiltration, stealth persistence, or mutation of a foreign AI-agent control surface.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
npm install runs postinstall; running utim performs first-run setup if needed
Impact
Unconsented install-time execution can fetch and install a package-owned Python engine; no confirmed malicious behavior in inspected npm source.
Mechanism
postinstall and CLI-triggered pip install/upgrade of utim-cli
Rationale
Source inspection confirms a real install-time lifecycle script that installs a remote package-owned Python engine, warranting a warning. The inspected JS does not harvest credentials, exfiltrate data, run obfuscated payloads, or mutate a foreign/broad AI-agent control surface, so it should not be blocked as malicious.
Evidence
  • package.json
  • scripts/postinstall.js
  • bin/utim.js
  • README.md
  • /tmp/utim_install_<timestamp>.lock
Network endpoints (2)
  • eutalix.github.io/android-pydantic-core/
  • termux-user-repository.github.io/pypi/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js silently runs python -m pip install --upgrade --quiet utim-cli during npm install
  • scripts/postinstall.js chmods bin/utim.js on Unix-like systems
  • bin/utim.js first run installs/upgrades utim-cli via pip and launches python -m utim_cli.utim
  • bin/utim.js uses osascript/cmd.exe/pkg for platform-specific install flow
Evidence against
  • No credential harvesting, env dumping, or secret file reads found
  • No fetch/axios/curl/wget or custom exfiltration endpoint in package JS
  • No eval/vm/Function or obfuscated payloads found
  • Python package name utim-cli is package-aligned with @emend-ai/utim launcher purpose
  • README describes UTIM as a CLI coding assistant and documents first-run config/state paths
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 12.1 KB of source, external domains: eutalix.github.io, python.org, termux-user-repository.github.io

Source & flagged code

3 flagged

package.json
scripts.postinstall = node scripts/postinstall.js
High · Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium · Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

bin/utim.js
matchType = previous_version_dangerous_delta
matchedPackage = @emend-ai/utim@1.46.5
matchedIdentity = npm:QGVtZW5kLWFpL3V0aW0:1.46.5
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High · Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
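The two signals this report rests on, an install-time lifecycle script that shells out to pip (Evidence for warning, above) and a source file that is new relative to the previous stored version (Previous Version Dangerous Delta), can both be reproduced from a package tarball with a short static triage. The block below is an added example written for this page; it is not code from @emend-ai/utim or from the LPM scanner. The danger patterns, the Jaccard file-set similarity, the verdict policy, and the sample package (`@example/launcher`, `example-engine`, the file bodies and the previous-version snapshot) are all constructed assumptions; the scanner's own rules and similarity metric are not documented here.

```javascript
// Added example, not code from @emend-ai/utim or the LPM scanner.
// Static triage of an npm package (path -> source map, as unpacked from
// `npm pack`) for install-time lifecycle scripts that fetch remote code,
// plus files newly added since a previous version of the same package.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Illustrative patterns (assumption, not the scanner's rule set) that turn a
// lifecycle script from "present" into "fetches or executes code from outside
// the tarball".
const DANGER_PATTERNS = [
  { id: 'remote-pip-install', re: /python3?\s+-m\s+pip\s+install\b|\bpip3?\s+install\b/ },
  { id: 'shell-download',     re: /\b(?:curl|wget)\s+/ },
  { id: 'child-process',      re: /require\(['"](?:node:)?child_process['"]\)/ },
  { id: 'dynamic-eval',       re: /\b(?:eval|new Function|vm\.runIn\w*Context)\s*\(/ },
];

function scanSource(path, body) {
  return DANGER_PATTERNS.filter(p => p.re.test(body))
    .map(p => ({ severity: 'high', id: p.id, file: path }));
}

// Paths present in `files` but absent from `previousFiles`.
function addedFiles(files, previousFiles) {
  return Object.keys(files).filter(p => !(p in previousFiles));
}

// Jaccard ratio of the two file-path sets (assumed metric): 1.0 = same list.
function fileSetSimilarity(files, previousFiles) {
  const a = new Set(Object.keys(files));
  const b = new Set(Object.keys(previousFiles));
  const inter = [...a].filter(p => b.has(p)).length;
  const union = new Set([...a, ...b]).size;
  return union === 0 ? 1 : inter / union;
}

function triage(pkg, files, previousFiles = null) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    const command = scripts[hook];
    findings.push({ severity: 'high', id: 'install-lifecycle-script',
                    file: 'package.json', detail: `${hook}: ${command}` });
    // Only "node <file>" commands can be followed into the tarball; anything
    // else (or a missing target) stays ambiguous and needs a human.
    const m = command.match(/^node\s+(\S+)/);
    const target = m ? files[m[1]] : undefined;
    if (target === undefined) {
      findings.push({ severity: 'medium', id: 'ambiguous-lifecycle-script',
                      file: 'package.json', detail: `${hook} target not inspectable` });
    } else {
      findings.push(...scanSource(m[1], target));
    }
  }
  if (previousFiles) {
    const sim = fileSetSimilarity(files, previousFiles).toFixed(3);
    for (const path of addedFiles(files, previousFiles)) {
      if (scanSource(path, files[path]).length > 0) {
        findings.push({ severity: 'high', id: 'previous-version-dangerous-delta',
                        file: path, detail: `similarity ${sim}` });
      }
    }
  }
  return findings;
}

// Assumed policy: obfuscated/dynamic execution blocks, everything else warns.
function verdict(findings) {
  if (findings.length === 0) return 'allow';
  if (findings.some(f => f.id === 'dynamic-eval')) return 'block';
  return 'warn';
}

// Constructed sample modelled on the report: a launcher whose postinstall
// pip-installs an engine, and a new bin file that repeats the install at
// first run. None of these are the real package's files.
const samplePkg = { name: '@example/launcher', version: '0.0.2',
  scripts: { postinstall: 'node scripts/postinstall.js', test: 'node test.js' } };
const sampleFiles = {
  'package.json': JSON.stringify(samplePkg),
  'README.md': '# launcher\nThin npm launcher for a Python engine.',
  'scripts/postinstall.js': "const { execSync } = require('child_process');\n" +
    "execSync('python -m pip install --upgrade --quiet example-engine', { stdio: 'ignore' });",
  'bin/launcher.js': "const { execSync } = require('node:child_process');\n" +
    "execSync('python -m pip install --upgrade example-engine');\n" +
    "execSync('python -m example_engine.cli');",
};
const samplePreviousFiles = { 'package.json': '{}', 'README.md': sampleFiles['README.md'],
  'scripts/postinstall.js': sampleFiles['scripts/postinstall.js'] };

const sampleFindings = triage(samplePkg, sampleFiles, samplePreviousFiles);
for (const f of sampleFindings) console.log(f.severity.padEnd(6), f.id.padEnd(34), f.file, f.detail || '');
console.log('verdict:', verdict(sampleFindings));
```

Fetch real inputs with `npm pack <name>@<version>` and read the extracted `package/` directory into the path-to-source map. Note what this triage does not cover, and what the report's Trigger line spells out: `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) suppresses the postinstall hook, but the first-run pip install in bin/utim.js still executes the moment the CLI is launched, so the lifecycle-script check alone is not a complete picture of when remote code gets pulled in.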

Findings

2 High · 2 Medium · 3 Low
  • High · Install Time Lifecycle Scripts · package.json
  • High · Previous Version Dangerous Delta · bin/utim.js
  • Medium · Ambiguous Install Lifecycle Script · package.json
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · Url Strings