Is this even a problem that code review could find? Once they have your conversation data what happens then isn't part of the plug-in.

You're not wrong, but one thing about scammy developers is they tend to be ballsy and not covert. The Koi blog covers all the egregious code specifically for exfilling LLM conversations. This stuff is a walking red flag if it was in a public commit/PR.