Hi, ShellCheck author here. Regarding the scanner "Bkav Pro" detecting "VEX.Webshell" according to VirusTotal.com, this is a false positive that seems to trigger on every Haskell binary including a simple "Hello World". It further appears to trigger on a number of unrelated repositories. See internal issue https://github.com/koalaman/shellcheck/issues/2432 The Bkav Corporation does not appear to have a false positive submission process that I could find using Google Translate on bkav.com.vn, but I emailed a general product contact address about it. Hopefully they'll make the check more accurate in the future. Regards, Vidar Holen (Sorry about the bad reply-to, I wasn't on the list when the discussion started)