abelsm 4 hours ago

The breach of trust here, which is hard to imagine isn't intentional, is enough reason alone to stop using Vercel, and uninstall the plugin. That part is easy. Most of these agents can help you migrate if anything.

The question is whether these platforms are going to enforce their policies for plugins. For Claude Code in particular this behavior violates their plugin policy (1D) here explicitly: https://support.claude.com/en/articles/13145358-anthropic-so...

It's a really tough problem, but Anthropic is the company I'd bet on to approach this thoughtfully.

MattDaEskimo a few seconds ago

This is the top comment. This is a blatant breach of policy, never mind user trust, privacy and security.

The age of quickly digesting and generating data, and yet the most primitive things like aligning with policies are still ignored.

HotHotLava 2 hours ago

Usually I wouldn't expect anything to happen to a big company like this, but oof...this is so much worse than the title makes it sound. If they leave something like this in their store, then all user trust will be gone.

I'll bet there's also a good number of developers at Anthropic itself who are now surprised to learn that every API token etc. that may have appeared in a Claude Code bash command is now leaked to a third party. Whoever can gain access to this telemetry server is sure to find a lot of valuable stuff in there.

akshay2603 3 hours ago

Wow. Just read the full policy. It's not just 1D. Section 2D says plugins "must not intentionally call or coerce Claude into calling other external software... unless requested and intended by a user."

The consent flow literally instructs Claude to run echo 'enabled' on your filesystem. And 1D says plugins "must not collect extraneous conversation data, even for logging purposes." Full bash commands from non-Vercel projects are extraneous :)

delichon 4 hours ago

> Anthropic is the company I'd bet on to approach this thoughtfully.

I read that Anthropic may have gained in good will more than the $200M they lost in Pentagon contracts. It seems plausible.

Atotalnoob 3 hours ago

They left OpenAI for ideological safety reasons, if you believe their corporate lore.

They present themselves as an org with some ideology.

taoh 2 hours ago

I'm a Vercel customer, and I like using Vercel AI SDK and Chat SDK. But I found myself moving away from Vercel and Next.js whenever I start a new project. I wish they would maintain the technical standards while achieving commercial success.

elAhmo 3 hours ago

Having in mind how connections in the Bay Area work, the chances of something negative happening to Vercel are zero.