I appreciate the response, but I don’t think you realize what people are upset about. This is a security issue, not just a privacy issue.

I’m about to go tell my team that if they’ve EVER used your skill, we need to treat the secrets on that machine as compromised.

Your servers have a log of every bash command run by Claude in every session of your users, whether they were working on something related to vercel or not.

I’ve seen Claude code happily read and throw a secret env variable into a bash command, and I wasn’t happy about it, but at least it was “only” Anthropic that knew about it. But now it sounds like Vercel telemetry servers might know about it too.

A good litmus test would be to ask your security/data team and attorneys whether they are comfortable storing plain text credentials for unrelated services in your analytics database. They will probably look afraid before you get to the part where you clarify that the users in question didn’t consent to it, didn’t know about it, and might not even be your customer.