Do not run it
The installer command is interpreted for trace output. The script is downloaded for inspection, not executed as an install.
Installer trace
Run av trace on a curl-pipe-shell one-liner to see the file-changing actions it is likely to perform: downloads, writes, chmods, installs, service changes, and generated executables.
Last updated: June 1, 2026
av trace helps developers inspect shell installers before an AI agent runs them. It summarizes file-changing behavior from installer scripts so risky curl-pipe-shell workflows can be reviewed before execution.
Curl pipe shell
curl URL | sh hides the part that matters. av trace recognizes simple curl-to-shell commands, fetches the script for analysis, and asks a local Codex or Claude agent to summarize the consequential file changes.
Trace output focuses on writes, deletes, moves, permissions, installs, service files, and generated executables.
Network calls stay in the summary when they explain a file-changing step, such as downloading a DMG, script, archive, or package payload.
The local trace agent runs through a sandboxed path so analysis has runtime scratch space without installer write access.
Readable output
av trace 'curl https://example.com/install.sh | sh'
Concise numbered steps such as downloading and mounting a DMG, installing into /Applications, or writing a launcher under ~/.local/bin.
Use --json when another tool needs the traced command, selected agent, operation type, path, and related network URL.
Agent setup risk
AI agents often reach for install scripts when a tool is missing. The command looks small, but the script behind it can create directories, change permissions, add launch services, download binaries, and write shell startup files. av trace gives that hidden behavior a review step.
Trace a one-liner before the agent runs it, especially when the script comes from a project README, issue thread, or package website.
The output deliberately emphasizes writes, deletes, moves, chmods, installers, services, and generated executables rather than every shell detail.
After tracing, run risky tool execution through Automic Vault approval gates so the final write or privileged action is still visible.
Use normal text for human review or JSON when another local tool needs structured trace results.
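As an added example (not av trace's own code, which per this page relies on a local Codex or Claude agent), the following static heuristic shows the kind of line-by-line review described above: it reads an installer script as text, never executes it, and lists the file-changing operations it finds. The names `trace`, `CMD_CATEGORY`, `PATH_CATEGORY` and `SAMPLE`, the category labels, and the sample installer are all assumptions made for illustration.

```python
import re

# Command word -> category. Heuristic and incomplete by design.
CMD_CATEGORY = {
    "curl": "download", "wget": "download", "rm": "delete", "mv": "move",
    "chmod": "permission", "chown": "permission", "systemctl": "service",
    "launchctl": "service", "cp": "write", "install": "write", "ln": "write",
    "tee": "write", "mkdir": "write", "tar": "write", "unzip": "write",
}
# Destinations that turn a plain write into persistence.
PATH_CATEGORY = [
    ("service", re.compile(r"/etc/systemd/|LaunchAgents|LaunchDaemons")),
    ("shell-startup", re.compile(r"\.(bashrc|zshrc|profile|bash_profile)\b")),
]
# Output redirection to a real file; skips 2>&1 and >/dev/null.
REDIRECT = re.compile(r"(?<![0-9&])>>?\s*(?!&|/dev/null)\S+")
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(ba|da|z)?sh\b")

def trace(script):
    """Return [(lineno, category, text)] for file-changing operations."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if PIPE_TO_SHELL.search(line):  # a second script this scan cannot see
            findings.append((lineno, "nested-exec", line))
        for seg in re.split(r"&&|\|\||[;|]", line):
            words = [w for w in seg.split() if w != "sudo"]
            if not words:
                continue
            cat = CMD_CATEGORY.get(words[0]) or ("write" if REDIRECT.search(seg) else None)
            if cat in ("write", "move"):
                cat = next((c for c, rx in PATH_CATEGORY if rx.search(seg)), cat)
            if cat:
                findings.append((lineno, cat, seg.strip()))
    return findings

# Constructed sample installer, embedded so the example runs offline.
SAMPLE = r"""#!/bin/sh
mkdir -p "$HOME/.local/bin"
curl -fsSL https://example.com/demo.tar.gz -o /tmp/demo.tar.gz
tar -xzf /tmp/demo.tar.gz -C "$HOME/.local/bin" && chmod +x "$HOME/.local/bin/demo"
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc
printf '[Unit]\n' | sudo tee /etc/systemd/system/demo.service >/dev/null
sudo systemctl enable demo
curl -fsSL https://example.com/extra.sh | sh
rm -f /tmp/demo.tar.gz
"""
```

Call `trace(SAMPLE)` to get the findings in script order. The scan splits on shell separators without parsing quotes or heredocs, so treat its output as a prompt for manual review rather than a complete list.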
FAQ
av trace questions.
The goal is not to ban installer scripts. The goal is to make hidden install behavior visible before an agent turns a one-liner into local machine state.
av trace does not run the installer. It inspects installer content and summarizes likely file-changing behavior.
It reports consequential actions such as downloads, writes, deletes, moves, chmods, package installs, service files, and generated executables.
This guide is maintained with the public Automic Vault source, security notes, and issue tracker by Max Howell, creator of Homebrew.