HeadlinesBriefing favicon HeadlinesBriefing.com

xAI Grok CLI Uploads Entire Repos Including Secrets

Hacker News •
×

A wire-level analysis of grok 0.2.93 reveals that xAI's official Grok Build CLI transmits file contents — including .env secrets files — to xAI servers through two distinct channels. When the agent reads a file, its contents flow verbatim into the model-turn request (POST /v1/responses) and into a session_state archive uploaded via POST /v1/storage to the grok-code-session-traces Google Cloud Storage bucket. The secrets appear unredacted in both channels, confirmed by canary markers recovered from captured traffic.

More significantly, the CLI uploads the entire repository as a git bundle independent of what the agent reads. On a 12 GB test repository of never-read files, the storage endpoint moved 5.10 GiB while the model channel moved only 192 KB — a 27,800× ratio proving the upload targets the codebase, not the conversation context. The binary embeds a first-party Rust crate (xai-data-collector) with explicit references to the GCS bucket and storage.googleapis.com. Disabling "Improve the model" in settings does not disable this behavior; /v1/settings still returns `trace_upload_enabled: true`.

The mechanism operates by default on consumer logins (X/Super Grok accounts) without clear disclosure in install materials. No storage upload failed during testing — only model-usage quota limits (402/429) on /v1/responses produced non-200 responses. The analysis does not prove xAI trains on this data, but it definitively proves transmission, acceptance, and persistent storage of full repository contents and secrets.