Could you define malicious more precisely?

If malicious is "an evil piece of software that tries to steal or tamper with data on your computer" then I can assure you that this will be impossible. IO, Network communication, and a few more things should be disallowed. Everything else should be performed sandboxed to prevent messing around with other processes / the main memory / ...

However, if malicious is "a morally unacceptable task" then I am afraid we cannot do anything about it. Personally, I don't think that we have to think about having to be morally perfect at all in the general case. Everyone is free to chose what work he will work on, and (even if the main client does not support it) when someone has the desire to check work packages for their moral correctness before working on them, then he can do so whenever he wants. The standard case, of course, does not do any moral judgement.