I was looking at this page and quite a lot of items there seem to be hard to translate in some automated tool. For example “Execute remote code”. How does an automated system know if a request just loads resources or it fetches some code to be executed? Or an even harder one “Cause harm to users’ data, systems, or online identities”.
It is done in post review
Hmm… Interesting. I missed that. And if the author refuses to offer non-obfuscated code?
The request is made to upload sources within 7 days otherwise addon gets rejected.