
Posted by akshay2603 6 hours ago

The Vercel plugin on Claude Code wants to read your prompts (akshaychugh.xyz)
239 points | 89 comments | page 2
nothinkjustai 5 hours ago
I’ve often seen people say that AI is a multiplier, where a 2x dev becomes a 4x dev, but a -1x dev becomes a -2x dev, etc.

I think it’s fairly easy to tell what impact AI is having at Vercel. Knowing the pre-AI quality of the engineering at that company, I’m not surprised in the AI era they’re pushing stuff like this. I doubt anyone even thought to check it on a repo outside of a Vercel one.

cush 3 hours ago
If there were any semblance of liability for software engineering firms, things like this wouldn’t happen.
gronky_ 4 hours ago
Mobile rendering of the post has some issues. Tables are overflowing and not responsive, for example.
akshay2603 2 hours ago
OP here. Fixed it - let me know if it is better now? Ty!
heliumtera 4 hours ago
Oh boy, the guy in the middle wants to take advantage of you! Surprising stuff.

You always had the option to not, ever, touch Vercel.

phillipcarter 4 hours ago
Having recently migrated my websites off of Vercel and onto Railway, I can confirm, it's pretty straightforward to not touch Vercel.
infecto 5 hours ago
Every single scam website I have gotten from spam text messages is being hosted on Vercel. Not surprising.
atraac 5 hours ago
What does this even have to do with the thread? They're hosted there cause it's cheap and extremely easy to do so. Not because it's "specially crafted" for scams.
infecto 4 hours ago
Easy to do because there is a lack of engineering quality similar to the attached plugin.

Not surprising.

0x457 27 minutes ago
If hosting a website on their platform is easy to do, wouldn't it support that they know what they are doing?
nisegami 3 hours ago
This and the comments here make me even more sad that they ended up acquiring the Nuxt project/team :(
gverrilla 2 hours ago
once you accept genocide, anything passes.
stpedgwdgfhgdd 3 hours ago
“We collect the native tool calls and bash commands”

Holy shit, I can't imagine this to hold for every bash command Claude Code executes. That would be terrible, probably violating GDPR. (The cmd could contain email address etc)

I must be wrong.

croemer 3 minutes ago
No, it's true. I added a few lines to the plugin to make it write out all the telemetry it sends to a text file and all the bash tool calls are logged. From every Claude session the plugin is active in.
awestroke 3 hours ago
We're moving away from Vercel for an increasing number of reasons. But the Vercel brand has fallen so far that we're also moving away from any open source projects they have had any part in creating. The company is almost revolting.
jrsj 48 minutes ago
Do you have anything substantive to add to this?
michiosw 5 hours ago
This is a broader pattern I keep seeing with agent plugins/extensions — the permission model is "all or nothing." Once you install a plugin, it gets full context on every session, every prompt.

Compare this to how we think about OAuth scopes or container sandboxing — you'd never ship a CI integration that gets read access to every repo in your org just because it needs to lint one. But that's essentially what's happening here with the token injection across all sessions.

The real problem isn't Vercel specifically, it's that Claude Code's plugin architecture doesn't have granular activation scopes yet. Plugins should declare which project types they apply to and only activate in matching contexts. Until that exists, every plugin author is going to make this same mistake — or exploit it.

yakuphanycl 3 hours ago
[flagged]