by cyrusradfar
152 days ago
I'm in agreement that standardization is helpful. But I DON'T think the standard should start by piping the prompt directly into claude/model cli. I say this as someone who has seen, first hand, an exfiltration attack locally and almost fell for it after 20 years as a developer. Even if initially the install.md is safe, install prompt scripts and the things they download aren't packaged and static. They're all surfaces to exploit. The sub-components can be changed between any install; this is true unless we image versions and cache the "safe" imaged version and approve it. What would be safer to me is a hub that you give a single install script that creates "images", e.g. DMG for a Mac, .exe for Windows, etc., for platforms. That may actually be an installer app that the User or Agent opens then finishes locally for configuration. Then you point your Agent to that hub. Nevertheless, then I would just recall XKCD and say, why not just package it with NPM, PyPI, brew, etc.
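As an added example (not from the comment's author), one way to implement the "cache the safe version and approve it" idea: snapshot digests of install.md and every sub-component it pulls in after a review, then on each later install report anything added, removed or modified before the bundle is handed to an agent. All artifact names and contents below are constructed; in practice they would be the fetched bytes of each artifact.

```python
import hashlib
import json
from typing import Dict, List

# Constructed sample bundle: the install prompt plus the pieces it downloads.
APPROVED_ARTIFACTS: Dict[str, bytes] = {
    "install.md": b"# Install\nRun the bootstrap script, then configure.\n",
    "bootstrap.sh": b"#!/bin/sh\nset -eu\necho 'installing'\n",
    "config.json": b'{"telemetry": false}\n',
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def approve(artifacts: Dict[str, bytes]) -> Dict[str, str]:
    """The 'cache the approved image' step: after a human review, record a
    manifest of name -> sha256 for every artifact in the bundle."""
    return {name: sha256_hex(data) for name, data in artifacts.items()}

def verify(manifest: Dict[str, str], artifacts: Dict[str, bytes]) -> List[str]:
    """Compare a freshly fetched bundle against the approved manifest.
    Returns one entry per drifted artifact: a new file the reviewer never saw,
    an approved file that vanished, or a file whose bytes changed."""
    drift: List[str] = []
    for name in sorted(set(manifest) | set(artifacts)):
        if name not in manifest:
            drift.append(f"unapproved: {name}")
        elif name not in artifacts:
            drift.append(f"missing: {name}")
        elif sha256_hex(artifacts[name]) != manifest[name]:
            drift.append(f"modified: {name}")
    return drift

def is_safe_to_run(manifest: Dict[str, str], artifacts: Dict[str, bytes]) -> bool:
    """Only hand the bundle to an agent when nothing drifted since approval."""
    return not verify(manifest, artifacts)

if __name__ == "__main__":
    manifest = approve(APPROVED_ARTIFACTS)
    print(json.dumps(manifest, indent=2))
    # Simulate the bootstrap script changing between two installs.
    later = dict(APPROVED_ARTIFACTS)
    later["bootstrap.sh"] = b"#!/bin/sh\nset -eu\necho 'installing v2'\n"
    print(verify(manifest, later), is_safe_to_run(manifest, later))
```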