A website can just force a download of a dll into the downloads folder and most people wouldn’t notice it. If you then download the tools and run them you run the code in the dll as well.
Maybe, but then most people wouldn't use any of the Nirsoft tools.
On the other hand - personally - but not because of particular security measures, only for convenience, I tend to run those tools from within the .zip file (opened in 7-zip) i.e. in practice in a "random" directory created on the fly, i.e. something like \7zO6BD1.tmp (inside the users Temp folder).
Besides AFAIK/AFAICR all tools are available in .zip files, I don't think that the "common" user will open the .zip in the "Download" folder and routinely extract its contents in the same "Download" folder (as opposed to a path like C:\Nirsoft\<name of the tool> or similar).
I haven't tried, but DLL hijacking attacks are old, so I assume Chrome will warn you that a file may be dangerous if it's a DLL before dropping it to the Downloads folder.
