Is wrm3/trent_rules safe to install?

wrm3/trent_rules was flagged as CRITICAL RISK (risk score 7454) with 708 findings detected across 5222 files. Review the findings before installing.

What security issues were found in wrm3/trent_rules?

Sigil detected 708 findings in wrm3/trent_rules, including patterns related to network_exfil, code_patterns, provenance, install_hooks, obfuscation. See the full scan report for details.

wrm3/trent_rules Security Scan — CRITICAL RISK | Sigil

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.claude/skills/kubernetes-operations/SKILL.md:85

# Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.cursor/skills/kubernetes-operations/SKILL.md:85

# Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs.md:65

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:126

    - apk add --no-cache git curl bash
    - curl -fsSL https://claude.ai/install.sh | bash
  script:

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:327

    - apk add --no-cache git curl bash
    - curl -fsSL https://claude.ai/install.sh | bash
  script:

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:367

    - pip install --no-cache-dir awscli
    - curl -fsSL https://claude.ai/install.sh | bash
    # Exchange GitLab OIDC token for AWS credentials

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:422

    - apt-get update && apt-get install -y git && apt-get clean
    - curl -fsSL https://claude.ai/install.sh | bash
    # Authenticate to Google Cloud via WIF (no downloaded keys)

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_overview.md:65

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_quickstart.md:72

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:94

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:330

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:369

```
curl -fsSL https://claude.ai/install.sh | bash -s stable
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:408

```
curl -fsSL https://claude.ai/install.sh | bash -s 1.0.58
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:447

# Install the native binary
curl -fsSL https://claude.ai/install.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup.md:94

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup.md:330

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup.md:369

```
curl -fsSL https://claude.ai/install.sh | bash -s stable
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup.md:408

```
curl -fsSL https://claude.ai/install.sh | bash -s 1.0.58
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_setup.md:447

# Install the native binary
curl -fsSL https://claude.ai/install.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_terminal-guide.md:69

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:133

export HTTPS_PROXY=http://proxy.example.com:8080
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:535


The `curl ... | bash` command downloads the script and passes it directly to Bash for execution using a pipe (`|`). This error means the connection broke before the script finished downloading. Common causes include network interruptions, the download being blocked mid-stream, or system resource limits.**Solutions:**

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:935

export HTTPS_PROXY=http://proxy.example.com:8080
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:1262

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:1309

WORKDIR /tmp
RUN curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:1741

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Cursor/docs/cursor.com_docs_cli_github-actions.md:54

  run: |
    curl https://cursor.com/install -fsS | bash
    echo "$HOME/.cursor/bin" >> $GITHUB_PATH

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Cursor/docs/cursor.com_docs_cli_headless.md:77

# Install Cursor CLI (macOS, Linux, WSL)
curl https://cursor.com/install -fsS | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Cursor/docs/cursor.com_docs_cli_installation.md:53

```
curl https://cursor.com/install -fsS | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Cursor/docs/cursor.com_docs_cli_overview.md:51

# Install (macOS, Linux, WSL)
curl https://cursor.com/install -fsS | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/Cursor/docs/cursor.com_docs_enterprise_deployment-patterns.md:473

# Install Cursor CLI (macOS, Linux, WSL)
curl https://cursor.com/install -fsS | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/OpenAI/codex/developers.openai.com_codex_windows_.md:258

# Install Node.js in WSL (via nvm)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/opencode/opencode.ai_.md:14

```
curl -fsSL https://opencode.ai/install | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/opencode/opencode.ai_docs_.md:34

```
curl -fsSL https://opencode.ai/install | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/opencode/opencode.ai_docs_gitlab_.md:107


  - curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/opencode/opencode.ai_docs_windows-wsl_.md:24

```
curl -fsSL https://opencode.ai/install | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.platforms/opencode/opencode.ai_download.md:13


`curl -fsSL https://opencode.ai/install | bash``npm i -g opencode-ai``bun add -g opencode-ai``brew install anomalyco/tap/opencode``paru -S opencode`

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.claude/skills/kubernetes-operations/SKILL.md:85

# Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.cursor/skills/kubernetes-operations/SKILL.md:85

# Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs.md:65

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:126

    - apk add --no-cache git curl bash
    - curl -fsSL https://claude.ai/install.sh | bash
  script:

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:327

    - apk add --no-cache git curl bash
    - curl -fsSL https://claude.ai/install.sh | bash
  script:

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:367

    - pip install --no-cache-dir awscli
    - curl -fsSL https://claude.ai/install.sh | bash
    # Exchange GitLab OIDC token for AWS credentials

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_gitlab-ci-cd.md:422

    - apt-get update && apt-get install -y git && apt-get clean
    - curl -fsSL https://claude.ai/install.sh | bash
    # Authenticate to Google Cloud via WIF (no downloaded keys)

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_overview.md:65

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_quickstart.md:72

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:94

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:330

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:369

```
curl -fsSL https://claude.ai/install.sh | bash -s stable
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:408

```
curl -fsSL https://claude.ai/install.sh | bash -s 1.0.58
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup#windows-powershell.md:447

# Install the native binary
curl -fsSL https://claude.ai/install.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup.md:94

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup.md:330

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup.md:369

```
curl -fsSL https://claude.ai/install.sh | bash -s stable
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup.md:408

```
curl -fsSL https://claude.ai/install.sh | bash -s 1.0.58
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_setup.md:447

# Install the native binary
curl -fsSL https://claude.ai/install.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_terminal-guide.md:69

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:133

export HTTPS_PROXY=http://proxy.example.com:8080
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:535


The `curl ... | bash` command downloads the script and passes it directly to Bash for execution using a pipe (`|`). This error means the connection broke before the script finished downloading. Common causes include network interruptions, the download being blocked mid-stream, or system resource limits.**Solutions:**

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:935

export HTTPS_PROXY=http://proxy.example.com:8080
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:1262

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:1309

WORKDIR /tmp
RUN curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Claude/code/code.claude.com_docs_en_troubleshooting.md:1741

```
curl -fsSL https://claude.ai/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Cursor/docs/cursor.com_docs_cli_github-actions.md:54

  run: |
    curl https://cursor.com/install -fsS | bash
    echo "$HOME/.cursor/bin" >> $GITHUB_PATH

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Cursor/docs/cursor.com_docs_cli_headless.md:77

# Install Cursor CLI (macOS, Linux, WSL)
curl https://cursor.com/install -fsS | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Cursor/docs/cursor.com_docs_cli_installation.md:53

```
curl https://cursor.com/install -fsS | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Cursor/docs/cursor.com_docs_cli_overview.md:51

# Install (macOS, Linux, WSL)
curl https://cursor.com/install -fsS | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/Cursor/docs/cursor.com_docs_enterprise_deployment-patterns.md:473

# Install Cursor CLI (macOS, Linux, WSL)
curl https://cursor.com/install -fsS | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/OpenAI/codex/developers.openai.com_codex_windows_.md:258

# Install Node.js in WSL (via nvm)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/OpenCode/opencode.ai_.md:14

```
curl -fsSL https://opencode.ai/install | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/OpenCode/opencode.ai_docs_.md:34

```
curl -fsSL https://opencode.ai/install | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/OpenCode/opencode.ai_docs_gitlab_.md:107


  - curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/OpenCode/opencode.ai_docs_windows-wsl_.md:24

```
curl -fsSL https://opencode.ai/install | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/template_v2/.platforms/OpenCode/opencode.ai_download.md:13


`curl -fsSL https://opencode.ai/install | bash``npm i -g opencode-ai``bun add -g opencode-ai``brew install anomalyco/tap/opencode``paru -S opencode`

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

wrm3/trent_rules

Summary

Provenance

Findings by Phase

Install Hooks

Code Patterns

Obfuscation

Network / Exfiltration

Provenance

Badge

Scan your own packages

Get threat intelligence and product updates

Other github scans