You should probably use grub-install --no-nvram
You shouldn’t do this via a script because you can’t guarantee that grub will be updated via your script. That is why hooks are better.
Although it has only happened once, one of the things that came to light during this situation is that the grub devs expect grub-install to be run every time grub is updated. So issues could occur at any time in the future as well.
Also, if you don’t run grub-install after a grub update, you won’t be getting the benefits of bug and security fixes in that part of the code. Since security issues with grub are pretty common, this is something worth considering depending on your risk model.