I just downloaded a totally innocuous app to evaluate, NoteCase Pro, and after macOS gave me the standard warning that it came from an unidentified developer (not a big deal), I also got some pop-ups from a free QuickLook plugin (that I’d forgotten I’d installed) for examining Installer packages - Supicious Package from Randy Saldinger:
I wish I knew more about the dev. This utility is free (not even a donation request!), and the dev’s only active internet presence seems to be his Instagram page.
So what’s your point? That shell script looks pretty harmless and the only warning you got was that the package wasn’t signed.
The bash script is just opening the releasenotes by the way. However, for note taking applications there are many (well-known) alternatives. Don’t know why you’re installing this one.