I mean if I download the software thru the electrum website, shouldnt that be enough or is there a chance it couldve been compromised?
The reason why you're verifying the signature has been written above, by hosseinimr93.
A hacker can have compromised the website for a while and insert their own, malicious version of Electrum, right before you visit it. The developers can't guarantee you that the site won't be compromised, but by providing a PGP signature, they guarantee that whoever verifies the binaries won't be victimized. A hacker would need to compromise both electrum.org and github.com
at the same time to succeed.
That is true and thankyou. Is there any other way besides Kleopatra? An easier way to verify?
You don't want to mess with the command line, so just stick with Kleopatra. Besides, you now know how to do it.