It’s really not uncommon for a lot of themes to package an installer script, in case they have multiple versions, or multiple colors bundled. Realistically, they should just each have their own store page, but it’s a colossal pain in the ass. The Catppuccin global theme, for example, has 16 color variants, 2 decoration variants each, and then also a version with no splash. The whitesur theme is similar.

I do agree though that if this is going to continue to exist, it should not have permissions it has today