nextdns-cli

No direct malware is evidenced in this documentation fragment itself. However, it recommends a high-privilege universal one-liner that downloads and immediately executes a remote installer script (curl -> command substitution -> sh -c), which is a significant supply-chain trust risk if the endpoint/content were ever compromised. Additional security considerations include optional telemetry (-report-client-info) and the increased information exposure likelihood when enabling DEBUG=1. A definitive malware assessment would require reviewing the actual installer script and the CLI binary/source code.