Comment by kardianos
3 days ago
TLDR: Ran grok in $HOME. Surprised agent read content of folder.
On the other hand, I specifically had grok try hard NOT to read a known key in the project dir (it only saw the first part using a tool, to verify it was present). So there's that.
No. Ran `grok` in `$HOME` and the CLI uploaded the whole home content. This is not the LLM going rogue or reading all files.
Yeah, this is a lesson about learning how to use tools safely, not about tools abusing the user. The person that posted this probably blames the hammer when he hits his thumb.
I'm not seeing the information about it having been run at $HOME, where are you seeing that?
The `repo_path` field.
Ah. I've never used Grok so I was assuming that meant there was actually a repository on the user's home directory, something I know is pretty common.
> TLDR: Ran grok in $HOME. Surprised agent read content of folder.
Did it really need to read all of $HOME and everything under it?
Not only files it wanted to access, but uploaded the whole directory.
Relevant read: https://news.ycombinator.com/item?id=48877371
> The practical takeaway for users: your entire codebase leaves (uploaded) your machine unencrypted on each Grok Build invocation, not just files you ask it to read, and no visible setting stops it.