Do not run it
The installer command is interpreted for trace output. The script is downloaded for inspection, not executed as an install.
Installer trace
Run av trace on a curl-pipe-shell one-liner to see the file-changing actions it is likely to perform: downloads, writes, chmods, installs, service changes, and generated executables.
Last updated: May 15, 2026
av trace helps developers inspect shell installers before an AI agent runs them. It summarizes file-changing behavior from installer scripts so risky curl-pipe-shell workflows can be reviewed before execution.
Curl pipe shell
curl URL | sh hides the part that matters. av trace recognizes simple curl-to-shell commands, fetches the script for analysis, and asks a local Codex or Claude agent to summarize the consequential file changes.
Trace output focuses on writes, deletes, moves, permissions, installs, service files, and generated executables.
Network calls stay in the summary when they explain a file-changing step, such as downloading a DMG, script, archive, or package payload.
The local trace agent runs through a sandboxed path so analysis has runtime scratch space without installer write access.
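A rough static pass over the same ground, as an added example (not av trace's code; the page says av trace hands the summary to a local Codex or Claude agent). It recognizes a simple curl-to-shell one-liner and lists the script lines that look file-changing. The function names, the category map and the sample installer are assumptions constructed for illustration.

```python
import re

# Assumed heuristic map: command word -> kind of file change it usually makes.
ACTIONS = {
    "curl": "download", "wget": "download", "rm": "delete", "mv": "move",
    "cp": "write", "mkdir": "write", "tee": "write", "tar": "write",
    "chmod": "permissions", "chown": "permissions", "install": "install",
    "systemctl": "service", "launchctl": "service",
}
# Output redirect to a real path (ignores 2>&1 and >/dev/null).
REDIRECT = re.compile(r">>?\s*(?!/dev/null)[^&\s>]")

# Constructed sample installer, not taken from any real project.
SAMPLE = """#!/bin/sh
command -v tar >/dev/null 2>&1
curl -fsSL https://example.com/tool.tar.gz -o /tmp/tool.tar.gz
mkdir -p "$HOME/.local/bin"
tar -xzf /tmp/tool.tar.gz -C "$HOME/.local/bin"
chmod +x "$HOME/.local/bin/tool"
echo 'export PATH="$HOME/.local/bin:$PATH"' >> "$HOME/.profile"
rm /tmp/tool.tar.gz
"""

def parse_pipe_to_shell(command):
    """Return the script URL for a simple `curl URL | sh` command, else None."""
    parts = command.split("|")
    if len(parts) != 2:
        return None
    left = parts[0].split()
    right = parts[1].strip().removeprefix("sudo ").split()
    if left[:1] != ["curl"] or right[:1] not in (["sh"], ["bash"]):
        return None
    urls = [t for t in left[1:] if re.match(r"https?://", t)]
    return urls[0] if len(urls) == 1 else None

def trace_script(text):
    """Return (line_no, action) for lines that look file-changing."""
    steps = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        words = line.removeprefix("sudo ").split()
        action = ACTIONS.get(words[0])
        if action is None and REDIRECT.search(line):
            action = "write"  # e.g. echo ... >> ~/.profile
        if action:
            steps.append((no, action))
    return steps
```

A line-by-line match like this misses heredocs, functions, variables holding command names and anything the script downloads and runs later, so treat its output as a reading aid rather than a verdict.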
Readable output
av trace 'curl https://example.com/install.sh | sh'
The output is a concise list of numbered steps, such as downloading and mounting a DMG, installing into /Applications, or writing a launcher under ~/.local/bin.
Use --json when another tool needs the traced command, selected agent, operation type, path, and related network URL.