grepai-installation

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Malware: HIGH
SKILL.md

The skill is an installation guide whose stated purpose matches the operations it requests (installing a CLI). The primary security concern is the use of 'curl | sh' and 'irm | iex' to execute remotely hosted scripts without integrity verification — a high-risk installation pattern because it allows remote-to-local code execution with potential elevated privileges. There are no hardcoded credentials or explicit malicious code in the provided documentation, so the package appears not malicious by itself, but the installation method is hazardous if the remote scripts are tampered with or compromised. Treat the install scripts as untrusted until verified; prefer Homebrew or building from audited source with pinned commits/releases.

Confidence: 85%
Severity: 45%

Audit Metadata
Analyzed At: Feb 15, 2026, 08:05 PM
Package URL: pkg:socket/skills-sh/yoanbernabeu%2Fgrepai-skills%2Fgrepai-installation%2F@362e6f26cd810dbf8b08e6a2aceb53e7a8dd8197