I am sorry, but the overwhelming majority of opensource OS and apps do no go through any audit at all (hopefully will put an AI scrutinize all these soon!) so they give a false sense of being non-malicious.

This is a great idea. I really hope someone with expertise in malicious code considers taking a closer look at it.

Thank a lot for your detailed reply!