Analysis of What xAI Grok Build CLI Sends
A detailed analysis of what xAI Grok Build CLI sends, including important findings about secret information and file contents.
xAI's Grok Build CLI transmits file contents and secret information to xAI during user logins. The analysis reveals exactly what data is sent and through which channels. Notably, it was found that secret information is transmitted without redaction, and the entire repository content is uploaded.
This poses a significant issue for engineers as user confidentiality is at risk. Additionally, the default settings of the CLI do not prevent such data transmissions, implying that users may unknowingly share their data. These findings highlight the need for greater attention to data security and privacy in software development processes.