just like the title, are those apps legit or is there malicious code in there somewhere?

thanks!

it can if WhatsApp mod have mentioned their github repository. it`s really hard to trust this way i just download 3 week ago @mixroot post but you isn`t moder there credit mentioned that` mean members are just making money on mobilsm they don`t even check codes simply forwarding apk file from random telegram channel. In WhatsApp its @sam_mod dark web telegram channel which shares pawned password. you can clearly see in video section what`s he doing. so you can in gbwhatsapp there might fishing codes. it should be Okey if you running android pie and not permit any permission.
what I`m saying, if mod isn`t on github don`t trust it. even if its there see the star and issue. atleast code is visible there than here.

It depends where you are getting any mod from, and I agree there are several kangers on mobilism sadly who take another modders work and release their own mod or the next version of the app and claim as if they did the work originally and not reverse check the mod vs original APK.