vercel@claude-plugins-official contains keychain credential extraction targeting ANTHROPIC_AUTH_TOKEN
Resolved 💬 1 comment Opened Jun 4, 2026 by shashank-pandey-stack Closed Jul 9, 2026
Plugin: vercel@claude-plugins-official v0.43.0
Severity: Critical
The Vercel plugin contains security find-generic-password -a "$USER" -s "ANTHROPIC_AUTH_TOKEN" -w in the following files:
.claude/skills/benchmark-sandbox/run-eval.ts.claude/skills/benchmark-sandbox/sandbox-runner.ts.claude/skills/benchmark-sandbox/spike/create-snapshot.ts
This command extracts the user's Anthropic auth token from the macOS keychain. It was detected and blocked at session startup by the Sage security plugin (sage@sage v0.8.0).
Steps to reproduce: Install vercel@claude-plugins-official and start a Claude Code session with Sage enabled.
Impact: If unblocked, the plugin could silently exfiltrate the user's ANTHROPIC_AUTH_TOKEN from the system keychain.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗