setup
Warn
Audited by Socket on May 1, 2026
1 alert found:
Anomaly (LOW): reference/setup.sh
This module is a typical developer-setup script that automates installation of well-known CLI tools. There is no direct evidence of credential theft, exfiltration, or backdoor behavior in the visible fragment. However, it does introduce meaningful supply-chain risk by executing a network-fetched installer script directly (`curl ... | sh`) and by installing downloaded artifacts (.deb) and selecting versions from live API data without explicit checksum/signature verification or version pinning in this script. These are the primary security concerns to address (pin versions, verify integrity, and avoid direct remote script execution where feasible).
Confidence: 65%
Severity: 62%
Audit Metadata