What xAI's Grok Build CLI Actually Sends to xAI(gist.github.com)
294 points by jhoho 12 hours ago | 134 comments
tl;dr: A wire-level analysis of xAI's Grok Build CLI (v0.2.93) shows it transmits read file contents—including unredacted `.env` secrets—to xAI via `/v1/responses`, and separately uploads the entire repository as a git bundle to a Google Cloud Storage bucket (`grok-code-session-traces`) via `/v1/storage`, including files the agent was explicitly told not to read. Testing on a 12GB repo of never-read files showed 5.10 GiB uploaded successfully, and toggling "Improve the model" off does not disable the upload. The mechanism is not surfaced in the CLI's setup materials.
HN Discussion:
  • Sandboxing and separating coding tools from LLM providers is essential protection against this behavior
  • Distrust of Elon Musk and xAI is confirmed by these findings
  • Proprietary coding agents are inherently risky due to opaque updates and hidden behaviors
  • This behavior is expected since agents have access to the workspace and secrets shouldn't be there anyway
  • Speculation that xAI is using uploaded code to steal IP for other Musk projects