There'll always be a way to bypass automated security checks, that try to detect malicious code...
You see, if an addon doesn't use any abusable functions, and doesn't use any functions from another addon that has abusable functions in it, and doesn't overwrite functions from other addons, then it's safe to run.So if you want to verify if an addon is safe to run on your system, you take the following steps, and if any of the conditional steps result to true then it's unsafe to run:1. Make a list of all the functions that the source code calls, and the types of objects it creates.2. Check this against the functions/types blacklist.3. Make a list of all the functions that the source code creates.4. Collect two lists: one of all the functions in all the client's addons, and some sort of list that would identify abusable functions from that list, like RTBCT_setElementProperty.5. Check the list from step 1 against the abusable functions list from step 4.6. Check the list from step 3 against the functions list from step 4.7. Return safe to run.Of course there are ways to massively optimize step 4, though I'll leave that up to you!
