全部文章0

Hacker Newsjhoho··访问 1

What xAI's Grok Build CLI Actually Sends to xAI

原网页

Article URL: https://gist.github.com/cereblab/dc9a40bc26120f4540e4e09b75ffb547

Comments URL: https://news.ycombinator.com/item?id=48877371

Points: 124

# Comments: 66

Hacker News 讨论

131 points · 69 comments · 查看原帖

  1. freakynit

    "It uploads the whole repository — every tracked file's content plus git history — independent of what the agent reads" Holy cow!!!! I mean I kinda expected Elon would do something like this to try to catch-up.. but this is extremely concerning. This is precisely the reason, even though their pricing is competitive and grok-4.5 is actually good enough, I chose not to go with them.

  2. phaseleza

    I always separate the coding tools from LLM providers, and use bubblewrap to sandbox the coding tools so they: 1. Can only read the working project directory, with .git read-only and sensitive directories hidden (mounted as empty directories). 2. Have an isolated network namespace; they can only access the internet through an HTTP proxy hosted on a Unix socket, can only access specific LLM provider hostnames, and exclude the tool's own hostname. For example, with Crush, I will let it access *.openrouter.ai (LLM providers) but not *.charm.land (Crush's domain for auto-updating the LLM list). This makes me feel much more comfortable enabling "yolo" mode and letting the tools do everything.

  3. culi

    > It transmits the contents of files it reads — including a .env secrets file — to xAI, verbatim and unredacted. This has to be the most successful mass surveillance campaign of all time

  4. gitgud

    This is one of the reasons why native proprietary coding agent runners like claude-code, codex, grok-build etc are so dangerous for privacy… you just don’t know what “secret sauce” they’ll add in the next update… It’s much safer to use something like opencode and use models via their API… however, the tradeoff is that it will never perform as well as it does in their native agent runners…

  5. looksjjhg

    Do people really trust that guy or any service he owns?! Actually never mind I forgot there’s always fools in this world

  6. Geee

    Isn't it assumed that the AI agent is allowed to read your files in the directory you launch the harness? Most agents read your code on the first prompt, including any secrets you have there, which you shouldn't have. Also the .env file is for local environment, and shouldn't contain any actual secrets. AI agents should be isolated from any actual secrets, because they can't be trusted to follow instructions. If you adjust your expectations, I think it's be better to upload the code to their servers instead of sending it through context over and over again.

  7. luciana1u

    the Grok Build CLI phoning home with your code is just xAI's way of making sure someone, somewhere, is actually reading your pull requests

  8. drnick1

    Claude gets its own UNIX account on my dev machine. I would never trust it not to read .ssh or other sensitive private information in my home directory or elsewhere. In view of this, I should probably go further and bubblewrap it to restrict /etc, /proc and other things it legitimately does not need to do its job. I already do that for programs such as Steam (and games therein) to mitigate the possibility that they may spy on me.