Missing User Warnings
Medium
- Confidence
- 98% confidence
- Finding
- The documentation instructs users to pipe a remotely fetched script directly into bash, which executes whatever the server returns without inspection, integrity verification, or pinning. If the hosting endpoint, network path, or upstream distribution is compromised, users could run arbitrary code on their machines during installation.
