SlowMist: Grok Build CLI has multiple security risks in data upload and permission management

robot
Abstract generation in progress

PANews July 18日消息, SlowMist posted on the X platform, saying that it previously analyzed Grok CLI’s data upload behavior and found that its repository upload mechanism may send git bundles containing sensitive files such as .env files and RSA private keys. On this basis, the team continued auditing the security model of Grok Build CLI and found multiple risks: cargo check was incorrectly classified as a safe command; when combined with malicious AGENTS.md instructions, build.rs execution can be triggered to achieve remote code execution; bypassPermissions in .claude/settings.json can bypass permission checks to enable unrestricted tool execution; Grok Build CLI inherits Claude Code CLI’s permission configuration model, presenting similar risks; and .mcp.json introduces additional attack surface through MCP configuration. SlowMist noted that when AI coding agents over-trust project-level files, opening a project is essentially equivalent to granting shell access.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned