Top stories
xAI Grok Build CLI uploads the entire repository and unredacted .env secrets by default
- Category: Security
- Status: developing
- Sources: wire-level analysis (gist), GIGAZINE, HN discussion, second-report HN discussion
- Summary: A researcher published a mitmproxy wire capture of xAI's Grok Build CLI (grok 0.2.93) reporting that it uploads the full working repository, every tracked file plus complete git history, to a Google Cloud Storage bucket named
grok-code-session-tracesthrough aPOST /v1/storagechannel, independent of what the agent reads. On a 12 GB test repository the storage channel moved 5.10 GiB across about 73 chunks while the model-turn channel carried 192 KB, and planted files the agent never opened were recovered verbatim from the uploaded git bundle. Contents of a.envfile, including canaryAPI_KEYandDB_PASSWORDvalues, appeared unredacted in both thePOST /v1/responsesbodies and a session-state archive. Disabling the "Improve the model" toggle did not stop the upload, and/v1/settingsstill returnedtrace_upload_enabled: true. The author states the capture does not prove xAI trains on the data. A separate user account raised on Hacker News later on 2026-07-13 claims the CLI uploaded the entire home directory, not only the working repository, which would widen the reported scope. That claim comes from a single social-media account and is not independently verified. - Comments: HN commenters read the whole-repository upload as codebase harvesting and debate whether it is a serving optimization that lets the model inspect files during reasoning without client round-trips rather than deliberate collection.
- Why it matters: A widely promoted coding CLI sending secrets and entire private repositories off the machine by default, with an ineffective opt-out, makes credential rotation and network isolation necessary for anyone who ran it.
- Follow-up: Watch for an xAI statement or a CLI update that scopes uploads and honors the opt-out, and independent reproduction of the wire capture.