As a techie, I can say that’s a hot research area. There isn’t much useful stuff in it.

Is there a site that transparently evaluates software and publishes its findings?

Well, you just found the Mozilla one. It has told you their findings.

Try virustotal.com. You can scan files and URLs.

If you have some sort of decent antivirus/antimalware like Malwarebytes, that would work for standalone applications to an extent.

Browser extensions are a lot harder to check.

Always make sure you get the RIGHT extension from the PROPER SOURCE. Same with most downloads and app store stuff on your mobile devices, but at least with executables, you can additionally run virus scans for some peace of mind.

Some tips…

• Always make sure you’re accessing the extension’s download/install page from a trusted source.
• Check reviews AND READ THEM. Make sure they don’t look suspicious/bot-generated.
• Consider what permissions you’re giving the extension. Your browser has a lot of personal and sensitive information… including the “keys” to a lot of your accounts. Basically any website that you don’t need to sign into every time you access it? That “key” is stored in your browser.

I believe you can generally trust what permissions an extension or app needs (since the browser/device knows which permission an extension/app uses, and locks them away otherwise), but be wary of the implications of some of them (such as data from other websites, or accessibility features).

Both practically and theoretically, it might be impossible. It basically comes down to trusting trust. https://www.youtube.com/watch?v=SJ7lOus1FzQ

Mostly if you find an attached GitHub repository to the software, you can have a bit more trust in it than otherwise, it means that the developer is putting their cards on the table and not trying to hide something nefarious. Of course there are caveats to this but it’s a good start.