Q CLI app surreptitiously installs IDE plugins even when denied permission to make changes to the system.

[MorganOnBass]

I installed this to try it out, but aborted the first launch rather quickly when asked to approve opaque dotfile edits and grant system wide accessibility privileges, and immediately deleted it. However, it appears that the application went ahead and installed plugins into all my IDEs anyway, as evidenced by a later discovery that something was interfering with the proper functioning of IDE features.

I think that using the time a user spends denying you permission to make changes to their system to do it anyway by establishing a persistent agent that interferes with the proper functioning of other programs on the system is unbelievably egregious, arguably rising to a behavioural definition of malware.

If you're going to prompt for my consent to make changes to my system, please wait until it is granted to make changes to my system.

[uldyssian-sh]

This behavior can occur without it being malware, but the frustration is understandable.

During first launch, Amazon Q CLI may initialize and write user-level integrations (such as IDE plugins or extensions) before the onboarding flow is fully completed. The permission prompts you see (for example, system-wide accessibility on macOS) are typically required only for specific advanced features, not for copying plugin files into user directories. As a result, plugins can be installed even if you later abort the setup.

That said, from a user-expectation and trust perspective, this behavior is poor UX and should be treated as a bug or at least a design flaw. Changes to other applications should not occur before explicit consent is granted.

To fully remove Amazon Q CLI and its side effects, the correct cleanup approach is:

1. Remove Amazon Q CLI itself

• Uninstall it using the same method you used to install it (package manager or installer).
• Close all terminals and IDEs first.

2. Remove IDE plugins/extensions that were installed

VS Code / VSCodium

• Open the Extensions view and uninstall any Amazon Q / AWS Toolkit related extensions.
• If needed, remove them manually from:
  • macOS/Linux: ~/.vscode/extensions/ or ~/.vscode-oss/extensions/
  • Windows: %USERPROFILE%.vscode\extensions\
• Look for directories starting with:
  • amazonq
  • amazon-q
  • aws-toolkit
  • codewhisperer

JetBrains IDEs (IntelliJ, PyCharm, WebStorm, Rider, etc.)

• Settings → Plugins → uninstall or disable Amazon Q / AWS Toolkit plugins.
• If necessary, remove plugin folders manually from:
  • macOS: ~/Library/Application Support/JetBrains//plugins/
  • Linux: ~/.local/share/JetBrains//plugins/ or ~/.config/JetBrains//plugins/
  • Windows: %APPDATA%\JetBrains<IDE>\plugins\

3. Remove leftover configuration and cache files

• Delete Amazon Q–related directories from:
  • ~/.amazonq/
  • ~/.aws/
  • ~/.cache/ (Linux) or ~/Library/Caches/ (macOS), if present

After this cleanup and an IDE restart, any interference caused by Q-related plugins should be gone.

Summary:

The behavior described can happen because plugin installation occurs early in initialization and does not require the later permission prompts. While technically explainable, it violates reasonable consent expectations. Treat it as a UX/security concern, remove the plugins manually, and report it upstream so the installation flow can be corrected.

[uldyssian-sh]

Thanks! If this helps, please consider marking it as “Helpful” or “Accepted” 😊