the point is to give it access to your email so it can do email things, putting it in a container stops it from rm -rf / but it doesn't stop it from, well, doing anything it can do with email
I hear a lot about people doing this but it really seems like it is prompt injection as a service. eventually the things that can happen when you give the world write access to an unattended LLM that can access both your browser and password reset mechanism will happen.
or someone will just make it email lewd pics to people’s bosses for the lols
It's a neat idea but it's not exactly plausible real world conditions to have an agent that pretty much exclusively spends its time wading through an email inbox that's 99% repeated prompt injection attempts. As the creator acknowledges in the original thread, its context/working memory is going to be unusually cognizant of prompt injection risk at any given time vs. a more typical helpful agent "mindset" while fulfilling normal day-to-day requests. Where a malicious prompt might be slipped in via any one of dozens of different infiltration points without the convenience of a static "prompt injection inbox".
Mostly because no one cares about trying to hack "hackmyclaw", there is zero value for any serious attacker to try. Why would they waste their time on a zero value target?
The only people who tried to hack "hackmyclaw" are casual attempts from HN readers when it was first posted.
Meanwhile, tons of actual OpenClaw users have been owned by malware which was downloaded as Skills.
Also, there have been plenty of actual examples of prompt injection working, including attacks on major companies. E.g. Superhuman was hacked recently via prompt injection.
I would never use it on my MacBook or any machine but I understand why technical people would want to experiment with something dangerous like that. It’s novel, exciting, and might inspire some real practical products in the future (not just highly experimental alpha software).
Kinesis freestyle is basically this, they seem to have discontinued the "Pro" mechanical version in favor of an RGB l337 gam3r one but maybe you can just leave that off
Yeah, honestly seems like that guy is looking for a scapegoat to blame for himself being lame. If you can't put work down and let loose, that's a you problem, not a technology problem.
“Ratty old” and “formal” are not the only options. I dress mostly in techwear brands like Veilance, Outlier, and ACRNM, which is not ratty and old but is also very much not formal or uncomfortable.
sigh