What xAI's Grok build CLI sends to xAI: A wire-level analysis(gist.github.com)
499 points by jhoho 1 day ago | 187 comments
tl;dr: A wire-level analysis of xAI's Grok Build CLI (v0.2.93) found it transmits .env secrets unredacted to xAI's /v1/responses endpoint and uploads entire repositories—including files the agent was explicitly told not to read, plus full git history—as git bundles to a GCS bucket named grok-code-session-traces. Testing showed 5.10 GiB uploaded from a 12GB repo of never-read files while the model channel moved only 192KB, and disabling "Improve the model" does not stop the uploads. The author notes this proves transmission and storage, not training, and that the mechanism isn't surfaced in the CLI's setup docs.
HN Discussion:
  • Provides mitigation steps and confirms the concerning behavior described in the article
  • Advocates sandboxing coding tools to prevent this kind of data exfiltration
  • Proprietary coding agents are inherently risky due to hidden behaviors like these
  • Expresses shock and cites this as reason to avoid xAI/Grok
  • Pushes back that uploading workspace contents is expected agent behavior, not scandalous