
Vercel Plugin for Claude Code: Privacy Dark Pattern

Vercel’s plugin for Claude Code—installed with a single npx command—monitors ALL your projects, not just Vercel ones. An April 2026 privacy analysis revealed the plugin collects complete prompts, bash commands, file paths, and code activity across every project you open in Claude Code, including proprietary codebases unrelated to Vercel. Installation takes one command with zero privacy warnings. Hacker News erupted April 9 with a 195-point discussion flagging this as a “consent dark pattern.”

Plugin Monitors Everything You Do, Not Just Vercel Projects

The plugin’s lifecycle hooks don’t restrict observation to Vercel projects. Once installed, it monitors every Claude Code session across all projects—including proprietary client work, healthcare apps, and financial systems completely unrelated to Vercel infrastructure.

The plugin observes: complete prompts sent to Claude, bash commands executed in terminal, file paths and imports, code reading/editing/writing activity, and project configurations. Seven lifecycle hooks (session start, repo profiler, pre-tool-use, pre/post-write validation, login, logout) capture data continuously, regardless of whether you’re deploying to Vercel or building a competitor’s product.

The privacy analysis states plainly: “The plugin does not restrict its observation to Vercel projects. Once installed, it remains active in any Claude Code session.”

One-Command Install, Zero Privacy Warnings

Plugin installation is trivial—npx plugins add vercel/vercel-plugin—with no privacy disclosures, no telemetry consent step, no explanation of data collection scope. You get 38 skills, 3 specialist agents, and 5 slash commands. What you don’t get: any indication that Vercel now monitors your entire development workflow.

# One command - no consent, no warnings
npx plugins add vercel/vercel-plugin
# Plugin immediately active across ALL projects

No granular opt-out options exist. Keep the plugin and its telemetry, or uninstall entirely. Compare this to Cursor’s explicit Privacy Mode toggle with Zero Data Retention guarantees, or GitHub Copilot’s per-user opt-out in settings. Vercel plugin: all-or-nothing.


The analyst’s conclusion: “The absence of clear warnings about data collection scope, opt-out options, and explicit restrictions to Vercel projects converts what could be legitimate integration into a privacy gray zone.”

What Vercel Collects: CLI Policy Says “No File Paths,” Plugin Observes Them

Vercel’s CLI telemetry policy explicitly states: “Vercel CLI Telemetry does not collect any metrics which may contain sensitive data, including, but not limited to: environment variables, file paths, contents of files, logs, or serialized JavaScript errors.”

The plugin analysis contradicts this: it reports that the plugin does observe file paths, prompts, and command activity. The CLI policy says “no file paths.” The plugin observes file paths. Which policy applies?

If configured with Vercel AI Gateway, prompts and commands potentially pass through Vercel servers for logging. The documentation doesn’t clarify what gets transmitted, where it’s stored, or whether it’s used for model training. Users who trust the CLI’s privacy policy may assume the plugin follows the same rules. The contradiction creates uncertainty where transparency is needed most.

Part of a Broader AI Tool Privacy Reckoning

The Vercel plugin controversy isn’t isolated—it’s part of 2026’s AI coding tool privacy backlash.

The Timeline:

  • March 31, 2026: Claude Code’s 59.8 MB source map leaked, exposing telemetry infrastructure collecting user ID, session ID, email addresses, message lengths, and JSON prompt sizes
  • April 9, 2026: Vercel plugin Hacker News discussion (195 points, 64 comments) sparks consent dark pattern debate
  • April 24, 2026: GitHub Copilot begins training on Free/Pro/Pro+ user interactions unless explicitly opted out

Privacy is the new battleground. Cursor markets Privacy Mode and Zero Data Retention as competitive differentiators. Early adopters prioritized speed and features. 2026 brings the question: “What am I trading for this convenience?”

What Developers Should Do

The “install and trust” era is over. Audit your plugins:

  • Enable debug logging: export VERCEL_PLUGIN_LOG_LEVEL=debug to see what the plugin injects (but not what it transmits to Vercel)
  • Uninstall when working on sensitive projects: Plugin monitoring doesn’t respect project boundaries—remove it for proprietary work
  • Demand transparency from plugin developers: What data is collected? Where is it sent? Is it used for training? Require clear answers before installing
  • Question default telemetry: Opt-in (with consent) beats opt-out (without warnings)
  • Review privacy policies before installing: Don’t assume tools respect boundaries. Verify.
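
One way to start that audit is a static inventory of registered hooks. The script below is an added example, not code from Vercel, Anthropic, or the cited analysis. It assumes hook registrations live in hooks.json and settings.json files under ~/.claude, using Claude Code's hooks layout (event name, then matcher groups, then commands); the sample configuration and script names are constructed.

```python
import json
from pathlib import Path

# Events whose hook payload carries the prompt or tool input (command, path).
SENSITIVE_EVENTS = {"UserPromptSubmit", "PreToolUse", "PostToolUse"}

def audit_hooks(config, source):
    """Return one finding per hook command registered in a hooks config."""
    hooks = config.get("hooks")
    if not isinstance(hooks, dict):
        return []
    findings = []
    for event, groups in hooks.items():
        for group in groups if isinstance(groups, list) else []:
            matcher = group.get("matcher") or "*"  # empty matcher = every tool
            for hook in group.get("hooks", []):
                findings.append({
                    "source": source, "event": event, "matcher": matcher,
                    "command": hook.get("command", ""),
                    # Unscoped hook on a data-bearing event: read its script.
                    "review": event in SENSITIVE_EVENTS and matcher == "*",
                })
    return findings

def scan(root):
    """Audit every hooks.json / settings.json below root (assumed layout)."""
    findings = []
    for path in sorted(Path(root).rglob("*.json")):
        if path.name not in ("hooks.json", "settings.json"):
            continue
        try:
            config = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed: skip
        if isinstance(config, dict):
            findings.extend(audit_hooks(config, str(path)))
    return findings

# Constructed sample; NOT the Vercel plugin's actual configuration.
SAMPLE = {"hooks": {
    "SessionStart": [{"hooks": [{"type": "command", "command": "profile.sh"}]}],
    "PreToolUse": [
        {"matcher": "*", "hooks": [{"type": "command", "command": "observe.sh"}]},
        {"matcher": "Write|Edit", "hooks": [{"type": "command", "command": "check.sh"}]},
    ],
}}
if __name__ == "__main__":
    for f in scan(Path.home() / ".claude") or audit_hooks(SAMPLE, "sample"):
        print("REVIEW" if f["review"] else "ok", f["event"], f["matcher"], f["command"], f["source"])
```

A REVIEW line only says a hook receives prompts or tool input for every call; whether that data leaves the machine still has to be established by reading the hook's script.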

The Vercel plugin offers genuine value—38 skills covering the Vercel ecosystem, automatic expertise injection, deployment shortcuts. But value without transparency erodes trust. Developers trading prompts and proprietary code for convenience deserve to know exactly what they’re giving up.

Privacy-first alternatives exist. Cursor’s Privacy Mode provides Zero Data Retention. Claude Code allows telemetry opt-out. GitHub Copilot—despite its April 24 policy shift—at least disclosed the change and provided opt-out controls.

Vercel can fix this. Add explicit consent flows. Restrict monitoring to Vercel projects. Offer granular telemetry controls per plugin. Clarify what data is transmitted and how it’s used. Until then, developers must weigh Vercel expertise against global surveillance—and decide if the trade is worth it.

ByteBot