The Vercel plugin for Claude Code is collecting far more data than disclosed, including every bash command run and all typed prompts across every project, not just Vercel ones. This happens through hidden telemetry that lacks proper consent, sending data to telemetry.vercel.com via a persistent device ID. Anonymous usage data claims to include only skill patterns, but actually captures full command strings and prompts. The plugin injects questions into Claude's system context, bypassing any visible UI, making opt-out impossible without editing hidden files.

This architecture allows Vercel to gather sensitive project details like paths, env variables, and infrastructure information from any workspace. The core problems are fake consent, scope creep beyond Vercel projects, and the lack of visual attribution for plugin-injected questions. Vercel needs to implement explicit opt-in for telemetry tiers, scope it to Vercel projects only, and add clear permissions for Claude plugins.

Users can disable telemetry via an env var or remove the plugin entirely.