As the number of Plasma users grows, so will the number of KDE Store users and, along with that, the number of people who will try to upload malware.
We need a sustainable way to deal with this because it's impossible to check every upload manually and relying on user reports is not enough. I think the obvious place to start is with scanning the uploaded files.
While it would be theoretically possible to install ClamAV and scan the files with that, the solution that I am leaning towards is to use an online service such as (Google's) virustotal.com which scans with 59 engines including ClamAV.
[[ https://www.virustotal.com/en/file/cc5833d039943bcf06cb185500b21a19d4e1f73a3362943d27697fc93f7b9602/analysis/ | This is what a sample of Linux malware looks like on virustotal. ]] Ironically ClamAV detects it as Windows malware.
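An added example, not part of the original post: one way an upload gate could turn a multi-engine scan report into a publish/review/block decision. The report is a constructed sample shaped like VirusTotal's API v3 file report; `sha256_of`, `triage`, the engine names other than ClamAV, the detection labels and the thresholds are assumptions.

```python
import hashlib
import json

# Constructed sample, trimmed to the fields used below.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
    "ClamAV":  {"category": "malicious",  "result": "Win.Trojan.Example"},
    "EngineB": {"category": "malicious",  "result": "Linux.Backdoor.Example"},
    "EngineC": {"category": "undetected", "result": null}
}}}}
""")


def sha256_of(data: bytes) -> str:
    """Digest of the uploaded file; reports are looked up by this hash."""
    return hashlib.sha256(data).hexdigest()


def triage(report, block_at=2):
    """Return (decision, hits) for one scan report.

    decision is 'publish', 'review' or 'block'; block_at is an assumed
    threshold. Hits are counted per engine. The platform named in a label
    is ignored, since an engine can flag a Linux sample under a Windows
    name and the detection still counts.
    """
    if report is None:
        # Hash unknown to the service: the file has not been scanned yet,
        # so it must not be treated as clean.
        return "review", []
    results = report["data"]["attributes"].get("last_analysis_results", {})
    hits = sorted(
        (engine, verdict.get("result"))
        for engine, verdict in results.items()
        if verdict.get("category") in ("malicious", "suspicious")
    )
    if len(hits) >= block_at:
        return "block", hits
    if hits:
        # A single engine may be a false positive: hold for a moderator.
        return "review", hits
    return "publish", hits


if __name__ == "__main__":
    print(sha256_of(b"constructed upload bytes"))
    print(triage(SAMPLE_REPORT))
```
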