These questions do have good answers, but I feel like we are digressing here. These are best answered in a thread about PEP 458 / 480, not here.
I feel like VirusTotal could be useful here. Given that this is probably the most comprehensive collection of malware in existence, it’s probably worth uploading source files to run them again multiple AVs to detect potentially malicious content. This would still require manual review however, since VirusTotal only returns # of detections, not a definitive yes/no.
Also, the VirusTotal public API is free but rate-limited, which might be a deal-breaker.