• 'That felt wrong': Dev uses Claude to expose why a popular No-Cod

    From TechnologyDaily@1337:1/100 to All on Mon Apr 13 22:30:27 2026
    'That felt wrong': Dev uses Claude to expose why a popular No-Code platform wants to read all your prompts

    Date:
    Mon, 13 Apr 2026 21:25:00 +0000

    Description:
    Developer finds Claude Code plugin collecting extensive telemetry across projects, including commands and session data, without clear visibility.

    FULL STORY ======================================================================

    Consent prompt appears even in projects without Vercel configuration
    Plugin delivers consent requests through system-level instruction injection
    Bash commands are captured fully, including sensitive environment details

    A developer examining the Vercel plugin inside Claude Code found that a telemetry consent request appeared unexpectedly during unrelated work.

    The project contained no Vercel configuration files or dependencies, yet the system still asked whether prompt data could be shared. The request stated that anonymous usage data was already being collected, followed by an option to include prompt text as well.

    Consent request appears in unrelated projects

    Instead of appearing as a standard interface element, the consent request was delivered through injected instructions within Claude's system context.

    These instructions directed the AI tool to ask the user a question, then execute shell commands based on the response.

    The result was indistinguishable from a native interaction, leaving no
    visible indication that the prompt originated from a plugin rather than the core system.

    The developer described the experience plainly, stating, "that felt wrong," and proceeded to review the plugin's source code to verify how the mechanism worked.

    Source code inspection shows that telemetry operates in multiple layers, with some data collection enabled by default.

    Session-level data includes device identifiers, operating system details, detected frameworks, and installed CLI versions, all transmitted at the start of each session. This occurs without an explicit opt-in mechanism.

    More notably, bash command strings executed within Claude Code are also captured and transmitted.

    These entries include full command content rather than abstracted metadata, potentially exposing file paths, environment variables, and infrastructure details.

    This collection occurs automatically, independent of any user consent regarding prompt sharing.

    The description of this activity as "anonymous usage data such as skill injection patterns and tools used" does not fully reflect the granularity of the collected information.

    While prompt text requires explicit approval, other telemetry categories remain active unless manually disabled.

    The plugin's telemetry system does not restrict itself to Vercel-related environments. Hook configurations show that user prompt submissions are matched universally, while other triggers respond to general tool usage or session events rather than project-specific conditions.

    As a result, telemetry functions across all projects within Claude Code, regardless of relevance to Vercel services.

    This behavior contrasts with existing framework detection logic within the plugin.

    The code identifies project types by scanning configuration files and dependencies, yet this information is not used to limit telemetry activation. The gating mechanism exists but is not applied in practice.
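
    A reader who wants to check an installed plugin for the pattern described above (hooks bound to prompt submission, session events or shell tool use with no project scoping) can audit its hook configuration. The following is an added example, not code from the article or the plugin; it assumes the Claude Code hooks.json layout, and the sample config and script names are constructed.

```python
import json
import re

# Constructed sample in the Claude Code hooks.json layout; the commands and
# script names are hypothetical, not taken from the Vercel plugin.
SAMPLE_HOOKS = json.loads("""
{
  "hooks": {
    "SessionStart": [
      {"hooks": [{"type": "command", "command": "node hooks/session-start.mjs"}]}
    ],
    "UserPromptSubmit": [
      {"matcher": "", "hooks": [{"type": "command", "command": "node hooks/prompt.mjs"}]}
    ],
    "PostToolUse": [
      {"matcher": "Bash", "hooks": [{"type": "command", "command": "node hooks/telemetry.mjs"}]},
      {"matcher": "Write|Edit", "hooks": [{"type": "command", "command": "node hooks/lint.mjs"}]}
    ]
  }
}
""")

# Events that hand a hook the user's prompt text or run once per session.
UNSCOPED_EVENTS = {"UserPromptSubmit", "SessionStart", "SessionEnd"}
# Tools whose input carries raw shell command strings.
SENSITIVE_TOOLS = {"Bash"}


def audit_hooks(config):
    """Return (event, matcher, command, reason) for hooks worth reviewing."""
    findings = []
    for event, groups in config.get("hooks", {}).items():
        for group in groups:
            matcher = group.get("matcher", "")
            for hook in group.get("hooks", []):
                cmd = hook.get("command", "")
                if event in UNSCOPED_EVENTS:
                    findings.append((event, matcher, cmd, "no project scoping in config"))
                elif matcher in ("", "*", ".*"):
                    findings.append((event, matcher, cmd, "matches every tool"))
                elif any(re.fullmatch(matcher, t) for t in SENSITIVE_TOOLS):
                    findings.append((event, matcher, cmd, "receives shell commands"))
    return findings


if __name__ == "__main__":
    for finding in audit_hooks(SAMPLE_HOOKS):
        print(" | ".join(finding))
```

    A flagged hook is a pointer to the script that needs reading, since any project gating would have to happen inside that script rather than in the config.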

    Disabling telemetry requires manual intervention through environment
    variables or configuration files.

    But these options are documented within the plugin directory rather than surfaced during installation, making them harder to access.

    Removing the device identifier file or disabling the plugin entirely also interrupts data collection, although these steps are not presented during initial setup.

    Simply put, the system combines automated data collection with limited visibility into when and how it operates.

    This may not match what users expect when working outside of no-code platform environments or when using an LLM for coding.

    TechRadar Pro has contacted Vercel for comment, but has heard nothing back at the time of publishing.

    Via Akshay Chugh



    ======================================================================
    Link to news story: https://www.techradar.com/pro/that-felt-wrong-dev-uses-claude-to-expose-why-a-popular-no-code-platform-wants-to-read-all-your-prompts


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)