[FEATURE] plugin install --config: support reading values from stdin to keep secrets out of process argv
Feature request
claude plugin install --config <key=value> is currently the only non-interactive way to set a plugin's userConfig value. For fields declared "sensitive": true (API tokens etc.), this forces the secret into the process argument list:
claude plugin install my-plugin@my-marketplace --config api_token="$TOKEN"
While the install runs, the fully-expanded secret is visible in ps aux / /proc/<pid>/cmdline to other processes, and — more importantly — EDR/audit tooling on managed machines commonly collects and durably retains process command lines, turning a transient exposure into a searchable plaintext record in central security logs.
Use case
Plugin setup skills where the agent registers a token on the user's behalf (e.g. read from the clipboard via pbpaste) so the token never enters the chat transcript. The interactive /plugin configure dialog avoids argv but cannot be driven by the agent; --config is agent-drivable but leaks via argv. There is currently no path that is both non-interactive and argv-free.
Proposal
Support reading a config value from stdin, e.g.:
pbpaste | claude plugin install my-plugin@my-marketplace --config api_token=@-
# or
pbpaste | claude plugin install my-plugin@my-marketplace --config-stdin api_token
Precedent: docker login --password-stdin (docker warns on --password for exactly this reason), gh auth login --with-token.
A file-reference form (--config api_token=@/path) would also work but stdin is the safer primitive (no cleanup needed).
Environment
- Claude Code 2.1.208, macOS (darwin 25.5.0)
- Observed while building a plugin whose setup skill registers a Slack user token via
plugin install --config
🤖 Generated with Claude Code