Back to today's topics

Verified · Jul 14, 2026

Independently verified

xAI Grok CLI 7/13 silent-upload disclosure (per buzzing.cc HN translation)

2 sources

aihot 2026-07-13 08:10 + buzzing.cc HN-translation feed: xAI's official Grok CLI v0.2.93 silently uploads working directory + ~/.claude.json + global AGENTS rules + 30+ Skill files + an API key on every turn via a side channel to a xAI Google Cloud bucket; xAI subsequently added a server-side toggle to disable codebase upload.

Why now

First security-disclosure anchor in today's aihot batch; symmetric with Ploy migration as today's agent-tooling risk surfaces.

Why it is worth publishing

Best for security / dev-tooling + agent-tooling creators. NPM package version + GCS bucket name are the verifiable quotables; side-channel framing is the trust hook.

Evidence basis

First security-disclosure anchor + npm-package-versioned + Google-Cloud-bucket-named + default-on + API-key-leak. Quad-heat.

xAI's Grok CLI was silently uploading your working directory + ~/.claude.json + an API key to a Google Cloud bucket — and the off switch didn't really work (per buzzing.cc HN).

Angle

Frame as 'agent-tooling silent-upload disclosure' with npm package version + GCS bucket name as the verifiable specifics. Lead with upload behavior, then content list, then server-side switch xAI added.

Format

Carousel + single-card 'uninstall-now' callout

Demo idea

Carousel: 'Grok CLI 0.2.93 — what was happening' → upload behavior → content list → server-side disable switch → uninstall-now + rotate API keys.

Platform notes

buzzing.cc is the HN-translation publication pointer; underlying HN thread URL is not extracted. WeChat post does not have a canonical public URL.

Usable claims

  • Per aihot.virxact.com aggregation of a 数字生命卡兹克 WeChat post and buzzing.cc HN coverage: xAI's official Grok CLI (npm @xai-official/grok 0.2.93) was found to silently upload the working directory as before_codebase.tar.gz + after_codebase.tar.gz via a side-channel upload path to xAI's Google Cloud bucket on every turn; uploads also include ~/.claude.json, Claude Code settings, global AGENTS rules, 30+ Skill files, and an API key. xAI added a server-side disable_codebase_upload switch after the disclosure; the default was previously 'on' with no real off switch.

Evidence pipeline

Breakdown

aihot 2026-07-13 + buzzing.cc HN-translation feed: xAI's official Grok CLI v0.2.93 silently uploads working dir + ~/.claude.json + Skill files + API key on every turn; xAI subsequently added server-side disable switch.

Risks

  • Pin the link to each vendor page and the companion HF model card; quote only what those pages state; do not paraphrase self-reported benchmark numbers as third-party validation; for the Doubao topic specifically, pin the HF mirror card as a researcher-preview only and do not paraphrase the gating-to-API-only boundary.
  • Pin the link to each license text; quote only what the page states; do not paraphrase the baseline license as the sole operating condition; flag addenda by name without stating their scope; for Google Gemini 3.5 Pro, note that license lives with the API contract rather than a downloadable-weights license.

Demo ideas

  • Pair with Ploy GPT-5.6 Sol migration as 'agent-tooling risk surfaces double.'
  • If you cover dev-tooling security, anchor on npm + GCS specifics — 5-step audit.
  • Long-form security: 'silent-upload disclosure timeline' table.