As we know, Bash scripts are a big security matter for system reaches. For instance, [Shellshock vulnerabilities]=> (https[://]en.wikipedia[.]org/wiki/Shellshock_(software_bug)) or [bash commands injection] => https[.//]www.owasp[.]org/index.php/Command_Injection) can deeply harm yunohost instance, furthermore if executed as super-administrator (as YNH scripts does).
I suggest in the framework of deploying new apps and classify the sanity of them with the great ideas of app levels, to get in parallel of [package-linter]=>(https[://]github[.]com/YunoHost/package_linter) to use bash best practices with ShellCheck.
I issued a PR to sanitize example scripts of [example_ynh]=>(https[://]github[.]com/YunoHost/example_ynh) that can be found here: https://github.com/YunoHost/example_ynh/pull/102
Best would be to parse ShellCheck output in Travis CI?
(sorry for Markdown mess, I’m limited by the # of links I can put…!!)