IMHO, copying a file to a local machine should nave no side-effects aside of the file existing on the machine.
It would be a totally fine compromise to first having to explicitly launch the application before macOS registers the URL- or filetype handler. Once you trick users into launching your malware, all bets are off anyways and it doesn’t matter whether your malware then also registers a URL handler or not.
IMHO, copying a file to a local machine should nave no side-effects aside of the file existing on the machine.
It would be a totally fine compromise to first having to explicitly launch the application before macOS registers the URL- or filetype handler. Once you trick users into launching your malware, all bets are off anyways and it doesn’t matter whether your malware then also registers a URL handler or not.