The rapid rise of Chia has led to a gold rush of developers trying to build tools and automation scripts to help with their own setups and to share with the community. Most of this will be safe, and we will be hosting and recommending some here. However there will be some that have malicious operations as part of their code. Not even necessarily a virus, but possibly just illegitimate chia commands that can cause disruption to your farming operation or even steal Chia from you.
An example of this was posted on the r/Chia subreddit this morning by u/chocolate_chip_cake that detailed a script hosted on github (since removed) that sent XCH to an unknown wallet when you run the script. It did so using a powershell trick to execute code when running setting a variable. This would be fairly obvious to a professional doing a code review, but all of these Chia tools are so new that its unlikely any have undergone this process.
There was great, and valid concern about Hpool because of the closed source, and unknown nature of the code that was running. But that concern should also be applied to unreviewed open source code. Unless you are confident of being able to review the security implications of the code yourself, there is going to be a risk to running it on your system.
As it stands, my recommendation would be to stick to software officially endorsed by the Chia Networks development team or that has undergone a proper review by an objective security professional.
