[CentOS] Is shellcheck safe?

Wed Jan 19 09:09:16 UTC 2022
Phil Perry <pperry at elrepo.org>

On 17/01/2022 05:30, Thomas Stephen Lee wrote:
> Hi,
> I downloaded, extracted, and ran 0.8.0
> https://github.com/koalaman/shellcheck/releases
> After running, I submitted the file to virustotal
> with the below result.
> https://www.virustotal.com/gui/file/f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651
> Should I be concerned that I ran the program once?
> Thanks

ShellCheck is available in EPEL (v0.3.8), at least for rhel7, if that is 
any indication of it's trustworthiness. The (older) EPEL version scans 
clean on VirusTotal.

You could look at the source code changes between the two releases and 
make a judgement if you feel there is any reason to be concerned. 
Alternatively I would suggest submitting a copy to the AV vendor who 
flagged it for further investigation as a potential false positive.