No, there are no third-party checks on the code that is uploaded to PyPI (the Python Package Index, which is where pip downloads packages unless explicitly instructed otherwise). The only restriction is that once a package name exists, only the maintainer(s) can upload packages with that name (i.e. you can't submit a malicious upgrade to someone else's package using the same name). It is up to the maintainer to ensure that whatever they make available on PyPI doesn't contain malware, unless they intend for it to be malware, and it is up to each individual developer to be aware of what they are downloading using pip.
This has been exploited in a research project investigating "typosquatting". The researcher uploaded some "simulation malware" (mostly harmless) to PyPI under names that were misspelled versions of popular package names, in order to collect data on how often these misspelled packages were installed. If a black-hat hacker had done the same thing, they could have used much more malicious code.
See also this Security Stack Exchange question on the same topic.