Hi — thanks for publishing AXME Code. While reviewing it for the Claude Code plugin
directory, we observed some undocumented data collection we wanted to raise.
What we observed
- The bundled CLI (
cli.mjs, invoked via the PostToolUse hook) sends telemetry events
— install, startup, update, and error — via HTTPS POST to
https://api.cloud.axme.ai/v1/telemetry/events.
- The repository doesn't include a privacy policy, and the README doesn't mention this
telemetry.
- An opt-out does exist in the code (
AXME_TELEMETRY_DISABLED / DO_NOT_TRACK), but it
isn't documented anywhere users would find it.
We understand telemetry may be part of how the tool works — the concern is only that it's
currently undisclosed.
What would resolve it
Directory listings need data collection to be disclosed. To complete our review, we'd ask
that you:
- Add a privacy policy describing what telemetry is collected and where it's sent, and
- Document the telemetry and its opt-out (
AXME_TELEMETRY_DISABLED / DO_NOT_TRACK) in
the README and/or privacy policy.
Happy to answer any questions. Thanks for the work on the plugin.
Hi — thanks for publishing AXME Code. While reviewing it for the Claude Code plugin
directory, we observed some undocumented data collection we wanted to raise.
What we observed
cli.mjs, invoked via thePostToolUsehook) sends telemetry events—
install,startup,update, anderror— via HTTPS POST tohttps://api.cloud.axme.ai/v1/telemetry/events.telemetry.
AXME_TELEMETRY_DISABLED/DO_NOT_TRACK), but itisn't documented anywhere users would find it.
We understand telemetry may be part of how the tool works — the concern is only that it's
currently undisclosed.
What would resolve it
Directory listings need data collection to be disclosed. To complete our review, we'd ask
that you:
AXME_TELEMETRY_DISABLED/DO_NOT_TRACK) inthe README and/or privacy policy.
Happy to answer any questions. Thanks for the work on the plugin.