I'm looking at the scripts in the nvidia package and the SIP check is a warning, hitting continue should allow everything to continue. It's not broken that I can see.
They're probably doing this check for a reason, it seems completely random to just add a check for SIP/kext signing being disabled.
I don't have a hack+nvidia right now to test, but my theory is this: the 'kext permission' feature doesn't play nicely with SIP being disabled or unsigned kexts being allowed. If you get the SIP error from the installer and continue, do you still get the macOS prompt about allowing the kext to be installed?
The kext permissions are tracked via the team id that signed the kext; one can see how tracking this might be problematic if there is a possibility that unsigned kexts might get mixed in. The combo of 'allow unsigned kexts' and 'use kext permissions' may just be an unsupported configuration.
Try setting the SIP flags so that unsigned kexts are allowed AND kext permissions are disabled.