Since these userscripts are writen in javascript, you can see the full source code when installing a userscript. So you could check line by line what the script is doing. While this doesn’t prevent it entirely, I would requie malicious code to be obfuscated in some way and still look like a trustworthy script in order to fool people. The scripts here are used by a lot of people and I have yet to find one instance of anyone mentioning an evil userscript.
Also, scripts are restricted to run according to their meta information: All scripts begin with a little of this:
These @include and @match tags tell tampermonkey where the script is allowed to run.
There really is someone here named match… sorry for tagging you @match)