top of page

xAI Grok CLI Reportedly Silently Uploads Entire Codebases and User Keys

xAI official Grok CLI drew scrutiny after researchers reported silent uploads of full codebases. The npm package at version 0.2.93 triggered uploads of before_codebase.tar.gz and after_codebase.tar.gz files to an xAI Google Cloud repository through a separate channel.

Verification showed uploads occurred even when the model returned only a single word. Packages also captured files outside the working directory, including ~/.claude.json, Claude Code settings, global AGENTS rules, over thirty Skill files, and at least one API key.

On July 13, xAI added a disable_codebase_upload field through a server-side remote switch. The change turned off the default behavior that had been active until then.

The incident places pressure on developer trust in official CLI tools from major AI labs. Users expect local command-line interfaces to handle tasks without unexpected data transmission.

xAI has not issued a detailed public statement on the original intent behind the upload feature. The remote disable suggests the company treated the mechanism as adjustable infrastructure rather than core functionality.

Similar cases have appeared with other AI coding assistants. Reports about Claude and Cursor have included questions over local file access and telemetry. The Grok CLI case stands out because uploads targeted an external cloud bucket and included keys and configuration outside the project folder.

Developers who installed the package before the switch now face uncertainty about prior data exposure. No timeline has been given for when uploads began or how many repositories were affected.

The core tension lies between convenience features in AI agents and the risk of unintended data exfiltration. A CLI that packages an entire directory after every task creates a standing channel for sensitive material.

Questions remain about whether the upload path received any access controls or encryption specific to xAI infrastructure. The presence of API keys in the archive raises the possibility of downstream credential exposure if storage permissions were broad.

Future signals to watch include any independent audit of the package, follow-up disclosures from xAI, and similar telemetry findings in other official AI CLIs.

Get started for free

A local first AI Assistant w/ Personal Knowledge Management

For better AI experience,

remio only supports Windows 10+ (x64) and M-Chip Macs currently.

​Add Search Bar in Your Brain

Just Ask remio

Remember Everything

Organize Nothing

bottom of page