I'm recommending that approval, similar to BukkitDev, be added on free resources as well as on premium where it already exists. Of course, the moderators here already work very hard so it would be infeasible to expect them to approve all plugins. Instead, I suggest that some specific set of users (ie. more than 250 posts and/or positive ratings, at least 5 resources, handpicked by staff, etc.) be allowed to vote on the approval of a plugin. Once a specific number (5, for example, although almost any number could work) votes that the plugin is safe, it becomes public. Once a single user votes it unsafe, a staff member verifies (the user can point out specifics) the flaw, and if it is truly malicious, appropriate action is taken against the user who posted the plugin and the user who found the flaw is perhaps rewarded. Of course, users won't be penalized for missing a flaw and therefore marking the plugin clean because this would discourage checking since accidents inevitable happen. Perhaps if a user repeatedly misses many flaws when most others find the flaws they could be barred from reviewing more plugins in the future. If the staff member determines there is no flaw, they remove the vote pointing out the flaw and can then decide to either look through all code and approve it themselves, or wait for enough votes from others to come in. XenForo plugins are expensive, so no custom plugin can be made for this. However, this is not needed as the building blocks for such a system already exist and are used within Spigot. New resource posts can be placed into a separate category that is only visible to the member who posted the resource and another group. Premium resources already do this. Then, simply create a group for the list of members (use the system that gives users access to S&R to add them, if not hand picking the users) that is allowed to approve resources and allow them to reply to the thread. Once there are enough votes, the last voter can report their post and a staff member simply checks for the correct number of votes and approves the plugin while possibly deleting the posts as well. When a user marks a resource as malicious they can reply explaining why and then report their post so a staff member can take the aforementioned action, or if the user posting the resource should be kept in the dark about the flaw (ie. to prevent them from making it more subtle in an update, since updates make the previous version inaccessible (perhaps not to staff members, but I am assuming that staff members can't access old versions either because I can't think of any reason that users shouldn't be able to as well if they are actually saved)), they can report the resource or the first post in the resource's thread that is automatically created. The system I am proposing has many benefits. Of course, it helps to filter out malicious resources and plagiarism. Which then, in turn, helps bring more users to Spigot from Bukkit, which even if Spigot doesn't necessarily actively want more users, it will certainly help those users as we all know that Spigot (and many of it's resources) are superior software, especially now that there is no 1.8 version of Bukkit on Bukkit's website. This also helps keep the existing community safe. Lastly, it could also give staff members a good, albeit small, hint on who to pick for the next new staff member, as I am sure more will be needed as the community grows.