Plugin marketplace refresh uses SSH instead of HTTPS, fails without SSH keys

Resolved 💬 3 comments Opened Feb 23, 2026 by cjcovell Closed Feb 27, 2026

Bug

When refreshing a plugin marketplace that was originally added/cloned via HTTPS, the refresh logic appears to construct an SSH URL (git@github.com:...) instead of using HTTPS, causing it to fail on machines without SSH keys configured.

Steps to Reproduce

  1. Add a custom plugin marketplace via /plugin inside Claude Code (no SSH keys on machine)
  2. Marketplace clones successfully via HTTPS
  3. On next session or /plugin invocation, marketplace refresh fails with:
Failed to refresh marketplace '2389-research-marketplace': Failed to clone marketplace repository: SSH authentication failed.
git@github.com: Permission denied (publickey).

Expected Behavior

Marketplace refresh should use HTTPS (matching how it was originally cloned), not SSH.

Actual Behavior

Refresh fails with SSH authentication error despite:

  • The local repo having HTTPS remotes (git remote -v shows https://github.com/...)
  • git fetch origin working fine over HTTPS
  • The marketplace having been added without SSH keys

Root Cause

known_marketplaces.json stores the source as:

{
  "source": "github",
  "repo": "2389-research/claude-plugins"
}

The refresh logic likely constructs git@github.com:2389-research/claude-plugins.git from this config instead of using https://github.com/2389-research/claude-plugins.git or the existing local remote URL.

Workaround

Installed plugins continue to work from local cache — only auto-update/refresh is broken.

Environment

  • macOS (Darwin 25.3.0)
  • No SSH keys configured (~/.ssh/ has no .pub files)
  • Claude Code CLI

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗