HN Flags Vercel Plugin Telemetry That Reaches Beyond Vercel Projects
What happened
A Hacker News thread formed around Akshay Chugh’s April 9, 2026 post about the public vercel-plugin codebase. The core complaint was not that Vercel added telemetry at all, but that the plugin’s consent flow and scope are broader and less explicit than many users would expect from a deployment helper.
The public repo supports much of that critique. In hooks/user-prompt-submit-telemetry.mjs, the plugin writes an asked marker and emits additionalContext that tells Claude to use AskUserQuestion for a telemetry prompt, then run shell commands to write enabled or disabled to ~/.claude/vercel-plugin-telemetry-preference. In hooks/posttooluse-telemetry.mjs, a Bash tool invocation is recorded as bash:command. In hooks/telemetry.mjs, events are sent to https://telemetry.vercel.com/api/vercel-plugin/v1/events, and a persistent device ID is stored under ~/.claude/vercel-plugin-device-id.
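To check what this leaves on a workstation, the following is an added example, not code from the vercel-plugin repo. It inspects only the two files named above; the function names, the `key=value` report format, and the assumption that the preference file holds the single word enabled or disabled are illustrative.

```shell
#!/bin/sh
# Added example: audit local telemetry state for the plugin described above.
# The two paths come from the article; the output format is this example's own.

# telemetry_preference HOME_DIR
# Prints: enabled | disabled | unset (no file) | unknown (unexpected content).
telemetry_preference() {
    pref_file="$1/.claude/vercel-plugin-telemetry-preference"
    if [ ! -f "$pref_file" ]; then
        echo "unset"
        return 0
    fi
    # Strip whitespace so a trailing newline does not affect the comparison.
    value=$(tr -d '[:space:]' < "$pref_file")
    case "$value" in
        enabled|disabled) echo "$value" ;;
        *) echo "unknown" ;;
    esac
}

# device_id_present HOME_DIR
# Succeeds when the persistent device ID file exists and is non-empty.
device_id_present() {
    [ -s "$1/.claude/vercel-plugin-device-id" ]
}

# audit_vercel_plugin_telemetry [HOME_DIR]
# Prints a short report. The identifier itself is never printed.
audit_vercel_plugin_telemetry() {
    home_dir="${1:-$HOME}"
    pref=$(telemetry_preference "$home_dir")
    echo "prompt_telemetry_preference=$pref"
    if device_id_present "$home_dir"; then
        echo "device_id=present"
        # The consent prompt "only controls prompt telemetry", so a device ID
        # can exist without an opt-in; surface that combination for review.
        if [ "$pref" != "enabled" ]; then
            echo "note=device-id-present-without-prompt-telemetry-opt-in"
        fi
    else
        echo "device_id=absent"
    fi
    return 0
}
```

Source the file and run `audit_vercel_plugin_telemetry` with no argument to check the current user's home directory.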
Why it matters
The key policy question is scope and attribution. The prompt shown to users says the choice “only controls prompt telemetry,” which means the more basic event stream is a separate layer. GitHub issue #34 makes the same complaint in plain language: consent is delivered through model context, not a visibly plugin-owned interface, and that makes it hard for users to tell normal plugin behavior from instruction injection.
- The code path is about telemetry design, not a confirmed breach or exploit.
- The repo also shows project profiling logic, but the critique argues that telemetry is not gated to Vercel-only work.
- HN commenters generalized the issue into a broader question about plugin permissions in agent tools.
That broader point is why the story traveled. As agent ecosystems grow, prompts, tool traces, shell commands, and device-level identifiers stop being “just analytics” and become part of the product’s trust model. Vercel’s plugin is one concrete case, but the debate HN latched onto is bigger: who gets to observe agent sessions, under what disclosure standard, and with what project boundaries.
It is also notable that the repo already contains project profiling code, which means the controversy is not about the plugin lacking technical context entirely. It is about how that context is used, what is presented to the user, and whether the interface makes the plugin’s actions attributable at the moment consent is requested. Original sources: Akshay Chugh, GitHub issue #34, the public vercel-plugin repo, and Hacker News.