You've definitely got the right idea, I'd do the execution a bit different, but I like my stuff as exacting as I can get it at times. First I'd break it into two different rules myself. One for regular and one for extended ACL's, assuming that's what your going after with the 'deny any' and 'deny ip any any', right? I'd then anchor my end condition a bit better, instead of just '(!|ip access-list'), I'd put a '^' at the beginning to anchor it to the beginning of the line. Otherwise a stray commend in the ACL that has a matches your condition would potentially match, such as 'remark ip access-list is not supposed to end here' would match.
Then in the standard ACL I would search for this '^\s+deny\s+any'. I suppose you could anchor it to the end of the line also, as well as the beginning, in which case it would be '^\s+deny\s+any\r\n' instead. That way you get an exact match once again and don't accidentally match a comment again! Same basic thing with the extended ACL, something like '^\s+deny\s+ip any any\r\n'...
Just my thoughts...
Of course when you do this you'd just be sure those exact lines were in the ACL, not necessarily at the end of the ACL. Lets take this for example
ip access-list extended testing
permit udp any any eq snmp
permit tcp any any eq smtp
remark I don't want to deny anything that shouldn't be denied
permit tcp any any eq 22
deny ip any any
permit tcp any any eq telnet
!
With your example, it would stop testing on the remark line. Why? Because there is a "deny any" in it, sure its "deny anything", but it will still match. My rule however would stop looking at the "deny ip any any" line, more of what you want. That is effectively the last line of the ACL, because the next line with telnet will never be reachable. Which for what I'm thinking is ok by me...
However, if you're trying to find access-list mistakes where someone appended lines onto the ACL after the 'deny ip any any' line, this would not work. Let me know if this is the case and I can play around a bit and see if I can think of a way to test for that. Right off hand I'm thinking maybe a regex for the end of the config block that matches multiple lines? Not sure, would have to play with it.
Let me know if you have any questions!