Users here are experienced developers, so I think it's not such a big deal. In context, a theme should never need network or file storage access, so you could upfront block those for that type of extension. You can also have policies like "network access is okay but file system and network access together needs approval".
Why are you assuming most VSCode users are "experienced developers"? I would think quite the contrary, as the younger crowd is probably much more likely to be using it than more experienced developers.
I find I very quickly tire of having to think about this. You think "A theme shouldn't require file storage access" and then spend an hour looking up why it does and find out there is actually some strange but totally legitimate reason for it. And every time that happens, you lose a little bit of will to care about what permissions something requested.
There used to be a period where many Android apps would explain in the description why they needed certain permissions. Those days are over.
> You think "A theme shouldn't require file storage access" and then spend an hour looking up why it does and find out there is actually some strange but totally legitimate reason for it
No. You think it is suspicious and install another theme that doesn't request anything.