Funny, I had this need just today, but with a not-so-popular GitHub repo I cloned today. Before running it, I opened the folder in Cursor and requested a check for suspicious activities, which after a good scan of README and source files, Cursor reported back that it was ok to proceed.

I think getting an (optional?) AI heads-up before reviewing it myself would be great for cURL shell scripts as well. I'm prone to not seeing dark patterns in editor, and tools like vet could as well be tricked into not seeing the dark pattern, malicious intent, or just hazardous code lurking.

I wouldn't quite trust an AI's opinion in wether given code is malicious or not, maybe in the future, but not quite yet.