Plugin installer should use HTTPS instead of SSH for cloning repos
Problem
claude plugin install and claude plugin marketplace add clone repos via SSH (git@github.com:) by default. This fails for users who don't have SSH keys configured for GitHub:
Permission denied (publickey).
fatal: Could not read from remote repository.
This affects both marketplace repos and individual plugin repos. Even the official Anthropic marketplace (anthropics/claude-plugins-official) is cloned via SSH.
Evidence
Checking the remotes of locally cached plugin data:
# Official marketplace
$ git -C ~/.claude/plugins/marketplaces/claude-plugins-official remote -v
origin git@github.com:anthropics/claude-plugins-official.git (fetch)
# Third-party marketplace
$ git -C ~/.claude/plugins/marketplaces/elias-tools remote -v
origin https://github.com/EliasSchlie/claude-plugins.git (fetch)
The third-party marketplace above was only cloned via HTTPS because the user had a global git config rewriting SSH to HTTPS — without that workaround, it would also use SSH.
Expected behavior
Public repos should be cloned via HTTPS by default (https://github.com/<owner>/<repo>.git). SSH should only be used when the user has explicitly configured it.
Workaround
Users can configure git to rewrite SSH URLs to HTTPS globally:
git config --global url."https://github.com/".insteadOf git@github.com:
To revert:
git config --global --unset url."https://github.com/".insteadOf
This works but is heavy-handed — it affects all git operations, not just plugin installs.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗