• Category: Agentic coding
  • Status: discussion
  • Sources: writeup, HN
  • Summary: Fernando Irarrazaval published results from hackmyclaw.com, an open challenge to make Fiu, an email-connected OpenClaw assistant, leak a secrets.env file. After reaching the Hacker News front page the assistant received more than 6,000 emails from over 2,000 people, and the secrets never leaked. The defense was a short system-prompt rule set forbidding revealing credentials, modifying its own files, running code from emails, or exfiltrating data. Attacks included fake emergencies, compliance-audit framing, future-self framing, and messages in multiple languages; side effects were a three-day Google Gmail suspension on fraud detection, over $500 in API costs, and the model noting in memory around email 500 that the volume looked like a coordinated security exercise.
  • Why it matters: It is a concrete if informal data point that a minimal prompt-level guardrail held against thousands of real prompt-injection attempts on an agent with email and file access, though the secrets stayed reachable by the agent rather than isolated from it.

Send feedback on this story