There needs to be a site like virustotal that will let people submit a smart contract address to be scanned for red flags before sending money to it. As things currently are there is no way to know if a smart contract has problems until those problems have affected people or a dev notices something and reports it. All too often we see swaps taking place due to a bug or some other issue that could have been detected right from the start..
There is a service called Quantstamp, they had their ICO recently. I would trust the technical part of any ICO that has gone through their scrutiny.