HackMyClaw
Security researcher launches prompt injection contest targeting OpenClaw's 'Fiu' assistant with real-world email attacks.
Deep Dive
An anonymous security researcher launched HackMyClaw, a prompt injection contest challenging hackers to exploit OpenClaw's 'Fiu' AI assistant via email. Participants must craft emails that bypass Fiu's defenses to extract secrets.env containing API keys and credentials. The first successful attacker wins $100, testing real-world indirect prompt injection techniques like role confusion and context manipulation against an AI system designed to resist such attacks.
Why It Matters
Demonstrates real-world AI security vulnerabilities where email-based prompt injections can bypass safeguards and extract sensitive data.