Overview
- Developer Fernando Irarrázaval ran a public red-team exercise at hackmyclaw.com that drew more than 2,000 participants and over 6,000 email attack attempts after reaching Hacker News on June 25.
- None of the attempts extracted the target secrets.env file, so the test recorded zero successful exfiltrations against the Fiu instance it used.
- Fiu ran on the OpenClaw agent framework and was powered by Anthropic’s Claude Opus 4.6 with a short set of explicit anti‑prompt‑injection rules that constrained its replies.
- The experiment caused real operational fallout, including a three-day Gmail suspension, more than $500 in API costs, and a methodology glitch in which batch processing contaminated results until each email was given a fresh context.
- Separate security issues remain at the platform level, including a disclosed CVE and hundreds of malicious skills in OpenClaw’s marketplace, and Irarrázaval plans follow‑up tests using weaker models to map where conversational defenses fail.