[m417z]

When you install or run a program, how do you make sure it doesn't include malware? I assume that you check for the author's record/reputation, and perhaps look at the source code if it's available.

It's similar with Windhawk mods. The GitHub and X profiles are verified to be the profiles of the author, so you can decide whether you trust them. The source code is available, so you can inspect it as well. Mods are single-file and usually short, which makes it easier to review than an average program.

[__alexander]

No disrespect but Windhawk’s process injection loader code was cut and paste from malware source code. I can’t imagine how many AV/EDR alerts that project has generated from using ROR API hashing and PEB symbol traversing.

[orbital-decay]

To review these third-party mods one needs to understand C++, Windows programming, and fairly obscure theming-related parts of its internals, some of which are undocumented/reverse engineered, and many have poorly understood side effects. This is a pretty specific combination of skills that slowly approaches arcane status, even if might feel otherwise to some. But again, larger apps are indeed harder to review than this.

(this particular mod is 100% innocuous, though)

[deburo]

Huh, with AI you can always "review" those mods. They are small enough. Anyway they are distributed via the creator's github repo, so it's already somewhat of a peer reviewed mechanism.