If SpiderMonkey itself is vulnerable, then the Malzilla would also be vulnerable.
There is no additional risk added by this hack.
All that this hack is doing is to log what the eval() function got as arguments.
Each call will produce a file in eval_temp
After script completes, Malzilla will eliminate duplicates in eval_temp, and show you the rest.
About automation, I did think about it (using PScript from Malzilla), but it is not so easy.
Malzilla is multi-thread application, and a lot of events are based on callback functions.
Using them in in environment that is not object-oriented is a real pain.
Example: when you run a script in decoder, Mailzilla's main thread (the user interface) is not waiting for the decoding thread to finish (that would freeze the interface). When the thread finishes, it calls a callback function in Malzilla, letting it know that the results are waiting to be displayed.
Thats just reminded me that there is bug in Malzilla
If you run a script which takes some time to finish, and create a new Decoder tab before the results are there, the results will be displayed on new tab, not on the tab from where you've sent them.
Can you make a short tutorial on how you are running Malzilla under Wine on Linux? Please.