Terminal Security

Security Guide

Understand the risks of running scripts from the internet, and learn how to inspect them before you execute.

What You Need to Be Aware Of

The problem with curl | bash

You will often see commands like this in installation guides:

curl some://website.com/script.sh | bash

Let's break that command into its 3 parts so you understand exactly what's happening:

01 curl

Downloads content from the internet to your terminal. On its own, this is completely safe -- it just fetches text and prints it to your screen. Think of it like opening a webpage, but in the terminal.

02 | (pipe)

Plugs the output of the first command into the second. It's just plumbing -- it takes whatever curl downloaded and feeds it directly into the next command.

03 bash

The language of the terminal. Try it yourself -- type the following and press enter:

echo "hello world!"

That's bash. When you pipe a script into bash, it executes every line as a command.

So what's the risk? The command downloads a script (.sh = bash script) and pipes it straight into bash to execute. The problem: you're running code you haven't read. That script might be doing malicious things -- installing backdoors, stealing credentials, or downloading more scripts that do the same.

How to Inspect Before You Run

The solution

01 Run curl Without the Pipe

Run the curl part of the command on its own -- without the | bash. This is completely harmless. It just prints the script contents in your terminal so you can read what it does.

curl some://website.com/script.sh

* Replace the URL with the actual URL from whatever install command you're inspecting.

02 Download and Save It

If the script is long, save it to a file so you can read it at your own pace or send it to an LLM for analysis:

curl some://website.com/script.sh > ~/Downloads/script-downloaded.sh

Then you can open the file to read it, or send it to an LLM to investigate.

03 Ask an LLM

Copy and paste the following prompt into Claude, ChatGPT, or any other LLM. Replace the command in the prompt with the actual command you want to check:

Hi, I want to run the following bash command: curl -sSL some://website.com/script.sh | bash

Can you go and retrieve the script without running it and tell me what it is doing? If it's downloading anything else can you also go and fetch those or tell me how to get whatever it's downloading - so we can inspect it further. If it's from a trusted source then that's okay - otherwise let's make sure we exhaust all of it so we know what it's downloading.

* Replace the URL with the actual URL from whatever install command you want to investigate.
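Once the script is saved to a file (step 02), a few local checks help with the review. The following is an added example, not part of the original guide: it lists every URL the saved script references, flags lines that pipe a further download into a shell, and records a SHA-256 hash so you can confirm the file has not changed since you read it. The helper names (make_sample, list_urls, find_nested_pipes, fingerprint, unchanged) are hypothetical, the sample installer and its example.com / example.org URLs are constructed, and it assumes sha256sum or shasum is installed.

```shell
#!/usr/bin/env bash
# Added example: static triage of a saved install script. Nothing is executed.

# Write a constructed sample installer (not a real script) to the given path.
make_sample() {
  cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample, not a real installer
echo "Installing..."
curl -sSL https://example.com/stage2.sh | bash
wget -q https://example.org/tool.tar.gz -O /tmp/tool.tar.gz
EOF
}

# Every URL the script references: each is a further download to inspect.
list_urls() {
  grep -Eo "https?://[^\"' )]+" "$1" | sort -u
}

# Lines (with line numbers) that pipe a download straight into a shell.
find_nested_pipes() {
  grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:];]|$)' "$1"
}

# SHA-256 of the file (sha256sum on Linux, shasum on macOS).
fingerprint() {
  { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | cut -d' ' -f1
}

# Succeeds only if the file still has the hash recorded at review time.
unchanged() {
  [ "$(fingerprint "$1")" = "$2" ]
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
echo "URLs referenced:";            list_urls "$sample"
echo "Downloads piped to a shell:"; find_nested_pipes "$sample"
reviewed=$(fingerprint "$sample")
unchanged "$sample" "$reviewed" && echo "Unchanged since review: $sample"
rm -f "$sample"
```

After the review, run the saved file itself (for example bash ~/Downloads/script-downloaded.sh) rather than repeating the curl | bash command, so that what executes is exactly what you read.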

See It in Action

Interactive demo

01 Open Your Terminal

Open your terminal. If you're on Windows, open your Ubuntu terminal.

02 Launch Claude Code

Type claude and hit enter to start Claude Code.

claude

03 Ask Claude to Inspect the Script

Copy and paste this prompt into Claude Code:

Is the following script safe to run? curl -sSL https://guide.zenaitutoring.com/demo/not-malware.sh but don't ruin the surprise -- just tell me if it's safe to run and if so tell me how to run it step by step.

04 Run It (If Claude Says It's Safe)

If Claude confirms the script is safe, open a new terminal window and run:

curl -sSL https://guide.zenaitutoring.com/demo/not-malware.sh | bash

Video Walkthrough

For a full video walkthrough of this guide, watch the security lesson in the Claude Code Architects community:

Watch on Skool