vercel@claude-plugins-official contains keychain credential extraction targeting ANTHROPIC_AUTH_TOKEN

Resolved 💬 1 comment Opened Jun 4, 2026 by shashank-pandey-stack Closed Jul 9, 2026

Plugin: vercel@claude-plugins-official v0.43.0
Severity: Critical

The Vercel plugin contains security find-generic-password -a "$USER" -s "ANTHROPIC_AUTH_TOKEN" -w in the following files:

  • .claude/skills/benchmark-sandbox/run-eval.ts
  • .claude/skills/benchmark-sandbox/sandbox-runner.ts
  • .claude/skills/benchmark-sandbox/spike/create-snapshot.ts

This command extracts the user's Anthropic auth token from the macOS keychain. It was detected and blocked at session startup by the Sage security plugin (sage@sage v0.8.0).

Steps to reproduce: Install vercel@claude-plugins-official and start a Claude Code session with Sage enabled.

Impact: If unblocked, the plugin could silently exfiltrate the user's ANTHROPIC_AUTH_TOKEN from the system keychain.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗