Verified · Jul 14, 2026
Independently verifiedxAI Grok CLI 7/13 silent-upload disclosure (per buzzing.cc HN translation)
2 sourcesaihot 2026-07-13 08:10 + buzzing.cc HN-translation feed: xAI's official Grok CLI v0.2.93 silently uploads working directory + ~/.claude.json + global AGENTS rules + 30+ Skill files + an API key on every turn via a side channel to a xAI Google Cloud bucket; xAI subsequently added a server-side toggle to disable codebase upload.
Why now
First security-disclosure anchor in today's aihot batch; symmetric with Ploy migration as today's agent-tooling risk surfaces.
Why it is worth publishing
Best for security / dev-tooling + agent-tooling creators. NPM package version + GCS bucket name are the verifiable quotables; side-channel framing is the trust hook.
Evidence basis
First security-disclosure anchor + npm-package-versioned + Google-Cloud-bucket-named + default-on + API-key-leak. Quad-heat.
“xAI's Grok CLI was silently uploading your working directory + ~/.claude.json + an API key to a Google Cloud bucket — and the off switch didn't really work (per buzzing.cc HN).”
Angle
Frame as 'agent-tooling silent-upload disclosure' with npm package version + GCS bucket name as the verifiable specifics. Lead with upload behavior, then content list, then server-side switch xAI added.
Format
Carousel + single-card 'uninstall-now' callout
Demo idea
Carousel: 'Grok CLI 0.2.93 — what was happening' → upload behavior → content list → server-side disable switch → uninstall-now + rotate API keys.
Platform notes
buzzing.cc is the HN-translation publication pointer; underlying HN thread URL is not extracted. WeChat post does not have a canonical public URL.
Usable claims
- Per aihot.virxact.com aggregation of a 数字生命卡兹克 WeChat post and buzzing.cc HN coverage: xAI's official Grok CLI (npm @xai-official/grok 0.2.93) was found to silently upload the working directory as before_codebase.tar.gz + after_codebase.tar.gz via a side-channel upload path to xAI's Google Cloud bucket on every turn; uploads also include ~/.claude.json, Claude Code settings, global AGENTS rules, 30+ Skill files, and an API key. xAI added a server-side disable_codebase_upload switch after the disclosure; the default was previously 'on' with no real off switch.
Evidence pipeline
Breakdown
aihot 2026-07-13 + buzzing.cc HN-translation feed: xAI's official Grok CLI v0.2.93 silently uploads working dir + ~/.claude.json + Skill files + API key on every turn; xAI subsequently added server-side disable switch.
Risks
- Pin the link to each vendor page and the companion HF model card; quote only what those pages state; do not paraphrase self-reported benchmark numbers as third-party validation; for the Doubao topic specifically, pin the HF mirror card as a researcher-preview only and do not paraphrase the gating-to-API-only boundary.
- Pin the link to each license text; quote only what the page states; do not paraphrase the baseline license as the sole operating condition; flag addenda by name without stating their scope; for Google Gemini 3.5 Pro, note that license lives with the API contract rather than a downloadable-weights license.
Demo ideas
- Pair with Ploy GPT-5.6 Sol migration as 'agent-tooling risk surfaces double.'
- If you cover dev-tooling security, anchor on npm + GCS specifics — 5-step audit.
- Long-form security: 'silent-upload disclosure timeline' table.