Comment by jhancock

This may only provide a flalse sense of security. Afaik, there is no way to disable workspace settings taking priority over user settings, so a malious repo can easily override them and reenable automatic tasks.

Even if you lock everything now, what if the thing autoupdates with new helpful "features". You can't patch bad development culture.

  On macOS systems, this results in the execution of a background shell command that uses nohup bash -c in combination with curl -s to retrieve a JavaScript payload remotely

Unrestricted outbound connections, specially from curl/wget/bash

Sounds like autorun on usb drives all over again. They cant learn

Yes, uninstall the whole thing. It's just a Chromium covered with a bunch of JavaScript.