I was not aware of the policies followed in the community. For your information, the package is safe. Hosted by GitLab.
a821 [1] filed a deletion request for package-installer-xe [2]:
This is the fourth time the same package has been uploaded with a
different name.
The problem persists: this installs an unknown binary in the system,
even though it is supposed to be GPL (seemingly, a Python program
bundled with PyInstaller).
Also, the PKGBUILD sources another PKGBUILD inside the tarball,
obviously insane.
See PRQ#69131 PRQ#69138 PRQ#70232
[1] https://aur.archlinux.org/account/a821/
[2] https://aur.archlinux.org/pkgbase/package-installer-xe/