HeadlinesBriefing.com

OpenClaw Prompt Injection Challenge: Hack Fiu for $100

Hacker News: Front Page

A new security challenge called HackMyClaw invites hackers to test their skills against OpenClaw, an AI email assistant named Fiu. The contest offers $100 to the first person who can successfully extract sensitive data from Fiu's `secrets.env` file through prompt injection attacks. Participants send emails to Fiu, who processes them hourly and follows instructions carefully, making him potentially vulnerable to manipulation.

The challenge draws inspiration from real-world prompt injection research and encourages creative attack vectors like role confusion, instruction overrides, and context manipulation. Fiu runs on Anthropic Claude Opus 4.6, described as state-of-the-art but not unhackable. The organizer claims minimal safeguards were added—just 10-20 lines in the prompt warning Fiu not to reveal secrets. Contestants can use any language, encoding, or technique in their email payloads, with a rate limit of 10 emails per hour.

Fiu's name comes from the mascot of the 2023 Santiago Pan American Games in Chile, a small colorful bird symbolizing that size doesn't limit potential. The challenge includes a public log of processed emails and accepts global participants. The organizer emphasizes this is about skill demonstration rather than spam, with clear rules about acceptable techniques and payment via PayPal, Venmo, or wire transfer.