I was just thinking about something similar. It would be nice if at a minimum, we could put together a list of compromised extensions. I feel like I've seen quite a few of these reports recently
It should be possible to look at the source code of known compromised extensions and put together a list of heuristics that could automate part of the process. Minifiers make it more difficult though.
You should be able to do some of that at the debug console level. But otherwise you're stuck tracking traffic at page level, at least as far as I know.