The extensions URL for getting malicious extensions is hard-coded here. In offline environments this leads to very long pauses followed by a connection timeout (when trying to publish an extension) with no way to opt out AFAICT.

An option would be nice to either disable this check or to provide an alternative reachable URL.