These type of malicious offers for extensions are actually quite common. See this[0] and the discussion[1]. I try to stick with only the most popular of extensions in the hope that any malicious changes would be widespread news, but it is still a gamble.

[0] https://github.com/extesy/hoverzoom/discussions/670

[1] https://news.ycombinator.com/item?id=37066680