I've developed a few browser extensions, and every week I receive numerous emails with "revenue offers". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations...
This is more about developers carelessly integrating 3rd party code into their extension without verifying if it’s malicious. People should be able to spot this if it’s a widely reviewed open source extension. At the end of the day, you have to make sure you trust the developer that they have sound programming skills and decent security knowledge to not be duped into adding code from an untrusted source just because of an offer for income.
Currently you don't.
The real underlying issue for all of this is that the "Hot" sorting algorithm Lemmy (and Kbin) uses is terrible - if someone posts the same thing in 5 different big & popular (i.e. "hot") communities at the same time, there's a good chance you'll see all five of those posts next to each other on your feed even if one has 100 votes and the others have 30 - note how they are all "6 hours ago".