diff --git a/README.md b/README.md
index cbe8178..72fe70e 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ cp .env.example .env
 # Edit .env with your provider, API key, workspace path, git config
 
 # Install git hooks (secret scanning)
-brew install gitleaks  # one-time
+brew install gitleaks  # macOS / Linuxbrew
 ./setup-hooks.sh
 
 # Build and run
@@ -174,8 +174,11 @@ A [gitleaks](https://github.com/gitleaks/gitleaks) pre-commit hook prevents acci
 ### Setup
 
 ```bash
-brew install gitleaks   # one-time install
-./setup-hooks.sh        # installs the pre-commit hook
+# macOS / Linuxbrew
+brew install gitleaks
+
+# Debian/Ubuntu (download binary)
+curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_$(uname -s)_$(uname -m).tar.gz | sudo tar -xz -C /usr/local/bin gitleaks
 ```
 
 The hook runs automatically on every `git commit`. If gitleaks isn't installed, the hook prints a warning and allows the commit (no hard dependency on collaborators).
diff --git a/setup-hooks.sh b/setup-hooks.sh
index 1cc5a2c..501d1ea 100755
--- a/setup-hooks.sh
+++ b/setup-hooks.sh
@@ -13,7 +13,8 @@ cat > "$HOOK_DIR/pre-commit" << 'HOOK'
 if ! command -v gitleaks >/dev/null 2>&1; then
   echo ""
   echo "⚠️  gitleaks is not installed — skipping secret scan"
-  echo "   Install: brew install gitleaks"
+  echo "   Install: brew install gitleaks  (macOS)"
+  echo "   Or: curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_\$(uname -s)_\$(uname -m).tar.gz | sudo tar -xz -C /usr/local/bin gitleaks"
   echo ""
   exit 0
 fi