how would that even work
It doesn't
However the bot could filter out 100% secure add-ons with a blacklist of all "bad" functions like file commands, "delete", "command", "eval", "crash", "quit", "commandto*" in it, stuff, or maybe add-ons like prints that don't even contain scripts
Everything else requires moderator approval or you just shouldn't download it until someone experienced posted a review saying that it's all fine