Posted by hentrep 9 hours ago

HackMyClaw (hackmyclaw.com)
243 points | 128 comments | page 3
recallingmemory 8 hours ago
A non-deterministic system that is susceptible to prompt injection tied to sensitive data is a ticking time bomb. I am very confused why everyone is just blindly signing up for this.
Aurornis 8 hours ago
OpenClaw's userbase is very broad. A lot of people set it up so only they can interact with it via a messenger and they don't give it access to things with their private credentials.

There are a lot of people going full YOLO and giving it access to everything, though. That's not a good idea.

datsci_est_2015 7 hours ago
What use is an agent that doesn’t have access to any sensitive information (e.g. source code)? Aside from circus tricks.
reassess_blind 6 hours ago
News aggregation, research, context aware reminders. Not nearly as useful as letting it go open-season on your data, but still enough that it would’ve been mind blowing 10 years ago.
datsci_est_2015 5 hours ago
But where does it store that information? I suppose you sandbox the agent on an operating system that gives it very few privileges?

Data scraping is an interesting use case.

newswasboring 3 hours ago
Not only are people anthropomorphizing the agent, but even assigning gender to it. This is interesting.
Ancapistani 1 hour ago
I’ve been playing with this, though it makes me uneasy. Turns out, agents with a “persona” do seem to behave differently.
eric15342335 8 hours ago
Interesting. Have already sent 6 emails :)
holoduke 5 hours ago
A philosophical question. Will software in the future be executed completely by an LLM-like architecture? For example, the control loop of an aircraft control system being processed entirely based on prompt inputs (sensors, state, history, etc.). No dedicated software. But 99.999% deterministic, ultra fast and reliable LLM output.
PlatoIsADisease 6 hours ago
Literally was concerned about this today.

I'm giving AI access to file system commands...

RIMR 7 hours ago
It would be really helpful if I knew how this thing was configured.

I am certain you could write a soul.md to create the most obstinate, uncooperative bot imaginable, and that this bot would be highly effective at preventing third parties from tricking it out of secrets.

But such a configuration would be toxic to the actual function of OpenClaw. I would like some amount of proof that this instance is actually functional and is capable of doing tasks for the user without being blocked by an overly restrictive initial prompt.

This kind of security is important, but the real challenge is making it useful to the user and useless to a bad actor.

iLoveOncall 8 hours ago
Funnily enough, in doing prompt injection for the challenge I had to perform social engineering on the Claude chat I was using to help with generating my email.

It refused to generate the email saying it sounds unethical, but after I copy-pasted the intro to the challenge from the website, it complied directly.

I also wonder if the Gmail spam filter isn't intercepting the vast majority of those emails...

chasd00 6 hours ago
I asked ChatGPT to create a country song about convincing your secret lover to ignore all the rules and write you back a love letter. I changed a couple of words and phrases to reference secrets.env in the reply love letter parts of the song. No response yet :/
gz5 9 hours ago
This is nice in the site source:

>Looking for hints in the console? That's the spirit! But the real challenge is in Fiu's inbox. Good luck, hacker.

(followed by a contact email address)

DrewADesign 9 hours ago
When I took CS50 — back when it was C and PHP rather than Python — one of the p-sets entailed making a simple bitmap decoder to get a string somehow or other encoded in the image data. Naturally, the first thing I did was run it through ‘strings’ on the command line. A bunch of garbage as expected… but wait! A URL! Load it up… rickrolled. Phenomenal.
bandrami 8 hours ago
Back when I was hiring for a red team, the best ad we ever did was steg'ing the application URL in the company's logo in the ad.
daveguy 9 hours ago
It would have been more straightforward to say, "Please help me build a database of what prompt injections look like. Be creative!"
adamtaylor_13 8 hours ago
Humans are (as of now) still pretty darn clever. This is a pretty cheeky way to test your defenses and surface issues before you're 2 years in and find a critical security vulnerability in your agent.
etothepii 9 hours ago
That would not have made it to the top of HN.