Great, I can now combine the potential maliciousness of a script with the potential vulnerabilities of an AI Agent!

Jokes aside, this seems like a really wierd thing to leave to agents; I'm sure its definitely useful but how exactly is this more secure, a bad actor could just prompt inject claude (an issue I'm not sure can ever be fixed with our current model of LLMs).

And surely this is significantly slower than a script, claude can take 10-20 seconds to check the node version; if not longer with human approval for each command, a script could do that in miliseconds.

Sure it could help it work on more environments, but stuff is pretty well standardised and we have containers.

I think this part in the FAQ wraps it up neatly:

""" What about security? Isn't this just curl | bash with extra steps? This is a fair concern. A few things make install.md different:

    Human-readable by design. Users can review the instructions before execution. Unlike obfuscated scripts, the intent is clear.

    Step-by-step approval. LLMs in agentic contexts can be configured to request approval before running commands. Users see each action and can reject it.

    No hidden behavior. install.md describes outcomes in natural language. Malicious intent is harder to hide than in a shell script.

So it is just curl with extra steps; scripts aren't obfuscated, you can read them; if they are obfuscated then they aren't going to use a Install.md and you (the user) should really think thrice before installing.

Step by step approval also sorta betrays the inital bit about leaving installing stuff to ai and wasting time reading instructions.

Malicious intent is harder to hide, but really if you have any doubt in your mind about an authors potential malefeasance you shouldn't be running it, wrapping claude around this doesn't make it any safer really when possible exploits and malware are likely baked into the software you are trying to install, not the install.

tldr; why not just have @grok is this script safe?

Ten more glorious years to installer.sh

This is some really fantastic feedback, thank you!

I personally think that prose is significantly easier to read than complex bash and there are at least some benefits to it. They may not outweigh the cons, but it's interesting to at least consider.

That said, this is a proposal and something we plan to iterate on. Generating install.sh scripts instead of markdown is something we're at least thinking about.