Plugin install uses SSH clone even when HTTPS URL is specified
Resolved 💬 3 comments Opened Apr 19, 2026 by jon4s4lbertt4n Closed May 26, 2026
Summary
When installing a plugin via /plugin install, the system clones via SSH even when the marketplace source uses "source": "url" with an HTTPS URL. On machines without GitHub's host key in ~/.ssh/known_hosts, this fails with:
Host key verification failed.
fatal: Could not read from remote repository.
Steps to Reproduce
- Fresh Windows machine (no
~/.ssh/known_hostsor missing GitHub entry) /plugin marketplace add https://github.com/owner/repo.git— succeeds/plugin install plugin-name@marketplace-name— fails with SSH error
Expected Behavior
The plugin system should either:
- Use HTTPS for cloning when the source specifies an HTTPS URL
- Auto-run
ssh-keyscan github.combefore SSH clone - Fall back to HTTPS when SSH clone fails
Current Workaround
Users must manually run before first install:
mkdir -p ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
Plugins cannot fix this because the error occurs during installation, before any hooks are registered.
Environment
- Windows 11 Pro
- Claude Code CLI
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗