[BUG] Marketplace installation silently fails (SIGKILL) on enterprise machines due to EDR blocking --recurse-submodules

Resolved 💬 4 comments Opened Feb 20, 2026 by spiveym Closed Mar 31, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

claude plugin marketplace add fails silently for all repositories. The clone subprocess is killed instantly (exit 137 / SIGKILL) with empty stderr, producing:

✘ Failed to add marketplace: Failed to clone marketplace repository:

This also causes Failed to install Anthropic marketplace · Will retry on next startup on every launch.

Root cause:
Since v2.1.7, the marketplace and plugin clone functions include --recurse-submodules --shallow-submodules. Corporate endpoint security tools (confirmed with CrowdStrike Falcon + Uptycs Protect on macOS) kill git processes whose command line contains --recurse-submodules. The kill is based on argument pattern matching, not git's behavior — the process is killed in ~7ms before git even starts cloning.

Why endpoint security blocks this:
Because the --recurse-submodules flag is widely categorized as an unsafe invocation pattern by security vendors, enterprise endpoint protection platforms (EPP/EDR) enforce hard blocks on its execution via argv string matching. In environments with strict IT compliance controls, developers lack the privileges to whitelist this, resulting in a hard blocker for enterprise adoption.

Key finding:
git clone -c "submodule.recurse=true" achieves the same result and is NOT killed, because endpoint security matches on argv strings, not git config flags.

  • Killed every time (exit 137):

git clone --depth 1 --recurse-submodules https://github.com/anthropics/knowledge-work-plugins.git /tmp/test1

  • Works every time (exit 0):

git clone --depth 1 https://github.com/anthropics/knowledge-work-plugins.git /tmp/test2

  • Also works (exit 0) — same submodule behavior, different argv:

git clone --depth 1 -c "submodule.recurse=true" https://github.com/anthropics/knowledge-work-plugins.git /tmp/test3

This affects even local clones with no network involved and repos with no submodules.

What Should Happen?

Claude Code's plugin installation flow should be natively compatible with standard enterprise EDR environments.

The clone operation should either drop the --recurse-submodules flag entirely and initialize submodules as a secondary step, or use the equivalent configuration flag (-c "submodule.recurse=true") which achieves the same functional result without triggering EDR argv string-matching rules.

Steps to Reproduce

  1. Be on a machine with CrowdStrike Falcon, Uptycs Protect, or similar endpoint security that monitors process argv
  2. Run claude plugin marketplace add anthropics/knowledge-work-plugins
  3. Clone fails silently with empty error
  4. To confirm your machine is affected, run from a terminal:

git clone --depth 1 --recurse-submodules https://github.com/anthropics/knowledge-work-plugins.git /tmp/test-recurse; echo "Exit: $?"
(If the output is Exit: 137 or zsh: killed, your endpoint security is blocking --recurse-submodules.)

  1. Verify the functional workaround by running:

git clone --depth 1 -c "submodule.recurse=true" https://github.com/anthropics/knowledge-work-plugins.git /tmp/test-bypass; echo "Exit: $?"

  1. Observe Exit: 0 (Success).

Claude Model

Multiple models

Is this a regression?

Yes, this worked in a previous version

Last Working Version

v2.1.6 (confirmed via npm decompilation — --recurse-submodules was added in v2.1.7)

Claude Code Version

2.1.49 (Claude Code)

Platform

Anthropic API/Bedrock

Operating System

macOS

Terminal/Shell

Ghostty/Terminal.app (macOS)

Additional Information

Endpoint security extensions on the affected machine:

  • com.crowdstrike.falcon.Agent (7.32/204.07) — Falcon Sensor
  • com.code42.agent.extension (1.15.7.33) — Code42
  • com.uptycs.kringle.daemon (4.1.0) — Uptycs Protect

Version-by-version confirmation (decompiled from npm):

  • v2.1.5: no --recurse-submodules in clone commands
  • v2.1.6: no --recurse-submodules in clone commands
  • v2.1.7: --recurse-submodules --shallow-submodules present (matches changelog: "Fixed plugins with git submodules not being fully initialized when installed")
  • v2.1.49: still present

The relevant code from the binary (minified function QT8):

let _ = ["-c", "core.sshCommand=ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new",
         "clone", "--depth", "1", "--recurse-submodules", "--shallow-submodules"];
// ...
let B = await WA(P_(), _, {timeout: 30000, stdin: "ignore", env: {...process.env, ...S5B}});

Where S5B = {GIT_TERMINAL_PROMPT: "0", GIT_ASKPASS: ""}.

Related issues:

  • #17293 — The original issue requesting --recurse-submodules be added
  • #18001 — Earlier report of this same clone failure (my previous comment, before root cause was identified)
  • #13553 — Related marketplace clone failures

Workaround: Manual clone + registry entry:

git clone https://github.com/anthropics/<repo>.git \
  ~/.claude/plugins/marketplaces/<repo>

Then add to ~/.claude/plugins/known_marketplaces.json:

"knowledge-work-plugins": {
  "source": { "source": "github", "repo": "anthropics/knowledge-work-plugins" },
  "installLocation": "<HOME>/.claude/plugins/marketplaces/knowledge-work-plugins",
  "lastUpdated": "2026-02-20T00:00:00.000Z"
}

Relevant Sources:

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗