I was just thinking about something similar. It would be nice if at a minimum, we could put together a list of compromised extensions. I feel like I've seen quite a few of these reports recently
It should be possible to look at the source code of known compromised extensions and put together a list of heuristics that could automate part of the process. Minifiers make it more difficult though.