After publishing an add-on to GSuite Marketplace I found all my add-ons are not verified.
Users who want to install my add-ons got a message:
This app isn't verified
This app hasn't been verified by Google yet. Only proceed if you know and trust the developer.
This time I found Google's guide helpful: https://developers.google.com/apps-script/guides/client-verification
The main reason for this message is that OAuth consent screen scopes approved in GCP console don't match permissions required by your App Script manifest.
If your add-on doesn't have any approved OAuth consent screen, the user will see a "The app isn't verified" screen, but after that, he won't be able to use your add-on unless you share your code!
To get rid of the warning you should add mission permission scopes to OAuth screen section of GCP. You should justify using requested permissions. That worked for me:
I'm working on GSuite add-on and here is a justification.
https://www.googleapis.com/auth/spreadsheets.currentonly - My add-on works with spreadsheets and I need access to the current one.
https://www.googleapis.com/auth/script.container.ui - My add-on has UI (sidebar) and this permission is required to create one.
https://www.googleapis.com/auth/script.external_request - My add-on requires access to server-side REST API to fulfill its purpose.
Sometime after submitting a request you will get your application approved.