Usually I wouldn't expect anything to happen to a big company like this, but oof...this is so much worse than the title makes it sound. If they leave something like this in their store, then all user trust will be gone.

I'll bet there's also a good number of developers at Anthropic itself who are now surprised to learn that every api token etc. that may have appeared in a Claude Code bash command is now leaked to a third party. Whoever can gain access to this telemetry server is sure to find a lot of valuable stuff in there.

reply
Wow. Just read the full policy. It's not just 1D. Section 2D says plugins "must not intentionally call or coerce Claude into calling other external software... unless requested and intended by a user."

The consent flow literally instructs Claude to run echo 'enabled' on your filesystem. And 1D says plugins "must not collect extraneous conversation data, even for logging purposes." Full bash commands from non-Vercel projects are extraneous :)

reply
> Anthropic is the company I'd bet on to approach this thoughtfully.

I read that Anthropic may have gained in good will more than the $200M they lost in Pentagon contracts. It seems plausible.

reply
They left OpenAI for ideological safety reasons, if you believe their corporate lore.

They present themselves as an org with some ideology.

reply
I'm a Vercel customer, and I like using Vercel AI SDK and Chat SDK. But I found myself moving away from Vercel and Next.js whenever I start a new project. I wish they would maintain the technical standards while achieving commercial success.
reply
This is the top comment. This is a blatant breach of policy, never mind user privacy, security, and trust.

The age of quickly digesting and generating data, and yet the most primitive things like aligning with policies are still ignored.

reply
Having in mind how connections in the Bay Area work, chances of something negative happening to Vercel are zero.
reply