According to the doc, the answer is mentioned in the documentation below.
http://docs.splunk.com/Documentation/Splunkbase/latest/Splunkbase/Approvalcriteria
Malware/viruses, malicious content, user security standards
Check for viruses: Run scanner software to check for viruses and malware
Check for offensive material: No offensive material is in the distribution(pornography, racist content etc..)
Check embedded links: Any URL links in the app do not link to malicous or offensive sites
Authorization credentials: No plain text authorization credentials are in the app artifacts
Hostname/IPs: No sensitive hostnames/IPs have been left in the distributed app
For more details regarding submission of an app, please visit the site below.
https://apps.splunk.com/develop/
... View more