Thanks. Our security researchers will review this today and we might take it down.
We reached out to the new author and he does not have malicious intent, and agreed that we just take down the new extension if we see something is off.
I am in European time and I do not know what happened on that post (since I was sleeping). I assume it were some heated arguments between maintainer and community about license/copyrights/open source maintenance.
A member of the community did a deep security analysis of the extension and found multiple red flags that indicate malicious intent and reported this to us.
Our security researchers at Microsoft confirmed this claims and found additional suspicious code.
We banned the publisher from the VS Marketplace and removed all of their extensions and uninstalled from all VS Code instances that have this extension running. For clarity - the removal had nothing to do about copyright/licenses, only about potential malicious intent.