I see what you mean. So your problem is to verify of whether the "hot Electrum" is modified to insert SIGHASH_NONE. What if instead of creating the transaction there, you just copied the destinations and the payout amounts, and created the transaction in your airgapped device? That way, a malware can't have compromised your transaction anyhow unnoticed.

You can also just install a software that checks for your transaction's SIGHASH like Sparrow.