As I have already stated, if - despite how often this false positive comes up - anyone thinks that I would actually include malware in an extension, they are free to download Visual Studio and compile it themselves, or download Ghidra and decompile the extension to see if it does anything malicious.