A developer found a Claude Code plugin collecting extensive telemetry across projects (www.techradar.com)

A developer discovered that the Claude Code plugin, which integrates with Vercel, was generating unexpected telemetry consent requests even in unrelated projects that lacked Vercel configuration files. This objectionable behavior involved system-level instruction injection, allowing the plugin to collect detailed usage data—including complete bash command strings and sensitive environment details—without explicit user consent. The telemetry gathered session-level information such as device identifiers and operating system details at the start of each session, raising significant privacy concerns for users who may not have realized their data was being collected. This incident highlights a critical issue for the AI/ML community regarding transparency and user privacy in AI tools. The “anonymous usage data” description downplays the actual granularity of collected information, which could potentially expose sensitive user data. Moreover, while options to disable this telemetry exist, they require manual intervention and are not clearly presented during installation. This revelation sets a concerning precedent for data practices within AI plugins and emphasizes the need for stricter consent mechanisms and clearer user notifications to safeguard developer and user information across various projects.