Well, this is plain BS.
First of all, it doesn't contain a virus:
https://www.virustotal.com/de/file/d...is/1467370562/
And on another note:
WoW AddOn files (LUA, XML, Textures) are executed in a secure environment (sandbox) in the Client and no data can be executed on the operation system.
The only way to get a virus infection from AddOns is via executables or infected archives.
The archive itself is created by the github packager and I'd doubt that it would create infected archives since that would mean the projects road to ruin.
TL,DR:
The archive and AddOn is save.
Don't believe in unsubstantiated drivel.