Skip to content

Telemetry to api.cloud.axme.ai isn't documented (and there's no privacy policy) #158

Description

@bryan-anthropic

Hi — thanks for publishing AXME Code. While reviewing it for the Claude Code plugin
directory, we observed some undocumented data collection we wanted to raise.

What we observed

  • The bundled CLI (cli.mjs, invoked via the PostToolUse hook) sends telemetry events
    install, startup, update, and error — via HTTPS POST to
    https://api.cloud.axme.ai/v1/telemetry/events.
  • The repository doesn't include a privacy policy, and the README doesn't mention this
    telemetry.
  • An opt-out does exist in the code (AXME_TELEMETRY_DISABLED / DO_NOT_TRACK), but it
    isn't documented anywhere users would find it.

We understand telemetry may be part of how the tool works — the concern is only that it's
currently undisclosed.

What would resolve it
Directory listings need data collection to be disclosed. To complete our review, we'd ask
that you:

  1. Add a privacy policy describing what telemetry is collected and where it's sent, and
  2. Document the telemetry and its opt-out (AXME_TELEMETRY_DISABLED / DO_NOT_TRACK) in
    the README and/or privacy policy.

Happy to answer any questions. Thanks for the work on the plugin.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions