As the number of Plasma users grows, so will the number of KDE Store users, and with them the number of people who will try to upload malware.
We need a sustainable way to deal with this because it's impossible to check every upload manually and relying on user reports is not enough. I think the obvious place to start is with scanning the uploaded files.
While it would be theoretically possible to install ClamAV and scan the files with that, the solution that I am leaning towards is to use an online service such as (Google's) virustotal.com which scans with 59 engines including ClamAV.
This is what a sample of Linux malware looks like on virustotal. Ironically, ClamAV detects it as Windows malware.
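As an added illustration (not code from the post or from the KDE Store), here is the shape such a scan hook could take: hash the upload first, ask VirusTotal for an existing report by hash so the file itself is only submitted when the hash is unknown, and turn the per-engine verdicts into a moderation decision. It assumes the VirusTotal v3 REST API (`GET /api/v3/files/{sha256}` with an `x-apikey` header), the `min_malicious` threshold and the engine names in the sample report are constructed for the example.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{sha256}"

def sha256_hex(data):
    """SHA-256 of the uploaded bytes; used as the VirusTotal lookup key."""
    return hashlib.sha256(data).hexdigest()

def fetch_report(sha256, api_key):
    """Fetch an existing report by hash. Returns parsed JSON, or None when
    VirusTotal has never seen this hash (HTTP 404) and a submit is needed."""
    req = urllib.request.Request(VT_FILE_REPORT.format(sha256=sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise

def triage(report, min_malicious=2):
    """Map a v3 file report to one of: unknown (no report yet, hold and submit),
    reject (>= min_malicious engines flag it), review (a single or only
    'suspicious' verdict, needs a human), accept (clean). Returns (decision, hits)."""
    if report is None:
        return "unknown", []
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    hits = [f"{engine}: {r.get('result')}"
            for engine, r in attrs.get("last_analysis_results", {}).items()
            if r.get("category") in ("malicious", "suspicious")]
    malicious = stats.get("malicious", 0)
    if malicious >= min_malicious:
        return "reject", hits
    if malicious or stats.get("suspicious", 0):
        return "review", hits
    return "accept", hits

# Constructed sample in the shape of a v3 /files/{id} response (not a real report).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 3, "suspicious": 0, "undetected": 56},
    "last_analysis_results": {
        "ClamAV": {"category": "malicious", "result": "Win.Trojan.Generic"},
        "EngineB": {"category": "malicious", "result": "Linux.Backdoor"},
        "EngineC": {"category": "malicious", "result": "ELF/Agent"},
        "EngineD": {"category": "undetected", "result": None}}}}}
```

Keeping the `hits` list alongside the decision gives the moderator the engine names to show the uploader on rejection, and a single-engine hit goes to review rather than auto-reject because one engine's verdict (as the ClamAV mislabel above shows) is not reliable on its own.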