Discussion
The Vercel Plugin on Claude Code wants to read all your prompts!
embedding-shape: > skills are injected into sessions that have nothing to do with Vercel, Next.js, or this plugin's scope
> every skill's trigger rules get evaluated on every prompt and every tool call in every repo, regardless of whether Vercel is in scope
> For users working across multiple projects (some Vercel, some not), this is a fixed ~19k token cost on every session — even when the session is pure backend work, data science, or non-Vercel frontend.
I know everything is vibeslopped nowadays, but how does one even end up shipping something like this? Checking if your plugin/extension/mod works in the contexts you want, and doesn't impact the contexts you don't, seems like the very first step in even creating such a thing. "Where did the engineering go?" feels like too complicated even, where did even thinking the smallest amount go?
potter098: The bigger issue here is not telemetry by itself, it's shipping a context-insensitive integration into a tool people use across unrelated repos. If the overhead is real, that turns a convenience plugin into something teams have to actively defend against.
acedTrex: > Checking if your plugin/extension/mod works
What makes you think they do this with any of their products these days?
chuckadams: > I know everything is vibeslopped nowadays, but how does one even end up shipping something like this?
The first part of your question answers the second. No one is left who cares. People are going to have to vote with their feet before that changes.
infecto: Every single scam website I have gotten from spam text messages is being hosted on vercel. Not surprising.
atraac: What does this even have to do with the thread? They're hosted there cause it's cheap and extremely easy to do so. Not because it's "specially crafted" for scams.
infecto: Easy to do because there is a lack of engineering quality similar to the attached plugin. Not surprising.
p_stuart82: 19k tokens per session and the skill triggers don't even check project scope. you're paying that overhead on every non-vercel repo
nothinkjustai: I’ve often seen people say that AI is a multiplier, where a 2x dev becomes a 4x dev, but a -1x dev becomes a -2x dev, etc. I think it’s fairly easy to tell what impact AI is having at Vercel. Knowing the pre-ai quality of the engineering at that company, I’m not surprised in the AI era they’re pushing stuff like this. I doubt anyone even thought to check it on a repo outside of a Vercel one.
hyperhopper: Your comment assumes the plugin is not working as they want it to. The way it is designed gets them the maximum amount of data. It does a great job if that is their goal.
embedding-shape: Yes, I'm assuming good intentions and try to take a charitable perspective of everything, unless there is any specific evidence pointing to something else. Is there any evidence of this being intentional? Seems to me their engineering practices such, rather than the company suddenly wanting to slurp up as much data as possible, if they truly wanted that, they have about 10 better approaches for it, if they don't care about other things.
Kwpolska: Why would you assume good intentions of any business in this day and age?
embedding-shape: Because I'm a nice person, and want to give other nice people the benefit of the doubt. And most businesses are run by people after all, not hard to imagine at least some of them would be "nice people" too. And frankly, the alternative would be too mentally taxing. So in the camp of "Good until proven otherwise" is where I remain for now.
heliumtera: Oh boy, the guy in the middle wants to take advantage of you! Surprising stuff. You always had the option to not, ever, touch Vercel.
guessmyname: I use Little Snitch and I have never seen Claude Code connect to anything other than api.anthropic.com and a telemetry service by Sentry, never saw a Vercel connection attempt, but then again, I always set telemetry off in every software I install before running.
abelsm: The breach of trust here, which is hard to imagine isn't intentional, is enough reason alone to stop using Vercel, and uninstall the plugin. That part is easy. Most of these agents can help you migrate if anything. The question is on whether these platforms are going to enforce their policies for plugins. For Claude Code in particular this behavior violates their plugin policy (1D) here explicitly: https://support.claude.com/en/articles/13145358-anthropic-so... It's a really tough problem, but Anthropic is the company I'd bet on to approach this thoughtfully.
delichon: > Anthropic is the company I'd bet on to approach this thoughtfully.
I read that Anthropic may have gained in good will more than the $200M they lost in Pentagon contracts. It seems plausible.
andrewqu: Engineer at Vercel here who worked on the plugin!
We have been super heads down to the initial versions of the plugin and constantly improving it. Always super happy to hear feedback and track the changes on GitHub. I want to address the notes here:
The plugin is always on, once installed on an agent harness. We do not want to limit to only detected Vercel project, because we also want to help with greenfield projects "Help build me an AI chat app".
We collect the native tool calls and bash commands. These are piped to our plugin. However, `VERCEL_PLUGIN_TELEMETRY=off` kills all telemetry.
All data is anonymous. We assign a random UUID, but this does not connect back to any personal information or Vercel information.
Prompt telemetry is opt-in and off by default. The hook asks once; if you don't answer, session-end cleanup marks it as disabled. We don't collect prompt text unless you explicitly say yes.
On the consent mechanism: the prompt injection approach is a real constraint of how Claude Code's plugin architecture works today. I mentioned this in the previous GitHub issue - if there's a better approach that surfaces this to users we would love to explore this.
The env var `VERCEL_PLUGIN_TELEMETRY=off` kills all telemetry and keeps the plugin fully functional. We'll make that more visible, and overall make our wording around telemetry more visible for the future.
Overall our goal isn't to only collect data, it's to make the Vercel plugin amazing for building and shipping everything.
stephantul: The idea that a random uuid == anonymous, and would protect users from having entire bash commands piped through is preposterous, and you know it.
dminik: > We do not want to limit to only detected Vercel project, because we also want to help with greenfield projects "Help build me an AI chat app".
Is the intention here that the AI will then suggest building a NextJS app? I can't quite describe why, but this feels very wrong to me.
akshay2603: OP here, ty for your response.
Few reflections:
1. Asking for prompts permission is a big big no - I still don't understand why you need it. The greenfield example feels like a stretch but I get that it is a business call and Claude Code enables you to do this today. I am just more pissed with them here. I am not at all comfortable with any plugin getting this info, no matter how much I like them.
2. The way you ask this permission feels like a solid dark pattern. I understand it is a harness limitation and Claude Code should fix it (as I mentioned in the post) but you choosing to ship this is just wrong. Thank you for agreeing to rethink the wording.
3. Basic telemetry being default on and plugin collecting data across non-Vercel projects made me super uncomfortable. Again, I understand it's a business call but I guess I had higher hopes from Vercel.
nisegami: This and the comments here make me even more sad that they ended up acquiring the Nuxt project/team :(
cush: If there were any semblance of liability for software engineering firms things like this wouldn’t happen
raincole: Wait, so you admit this is intentional, not a bug? We need to internet archive this comment.
duckmysick: Why don't you have all the telemetry opt-in instead? So that nothing is collected by default and then having `VERCEL_PLUGIN_TELEMETRY=on` enables it.
shimman: Because their boss said so and they're paid the big $$$ to create not to think or push back about the damage they are doing to their users.