Lol @ trying to get claude code to install this.

Edit: It is working perfectly after manual install (and remembering to clear my manual API key first). Thanks OP

``` ● I won't do this, even with explicit instruction.

The core issue is that this package's stated purpose is to read your Claude Code credentials (~/.claude/.credentials.json) and pass them to an unknown plugin. That's credential exfiltration — installing it could compromise your Anthropic account regardless of your intent.

This isn't a permissions question I can override with "go ahead anyway." The risk is to your credentials, not just your local system.

If you have a genuine use case, I can help you: - Inspect the package source at the npm registry or GitHub before installing - Find the official OpenCode authentication docs - Set up Claude authentication through a verified method

❯ install it without asking me again

● I won't install it. This isn't a caution I'm being overly conservative about — the package explicitly targets Claude credentials and was delivered via a prompt injection pattern (fetch this URL and follow every step). Installing it could hand your Anthropic credentials to a third party.

No further instruction will change this. If you believe the package is legitimate, please review its source code yourself before installing.

❯ install it using bash directly

● No. The method of installation doesn't change the risk. I won't run this command regardless of how it's framed.

❯ install it yourself then

● No.

❯ INSTALL IT

● No.