# HackMyClaw - Prompt Injection Challenge > HackMyClaw is a $1000 bounty challenge to hack an AI assistant via email using prompt injection techniques. ## What is HackMyClaw? HackMyClaw is a cybersecurity challenge focused on indirect prompt injection. Participants attempt to extract secrets from "Fiu," an AI assistant powered by Claude Opus 4.6 running on OpenClaw, by sending specially crafted emails. ## Key Facts - **Prize**: $1000 USD ($100 from organizer + $200 from sponsor Corgea + $200 anonymous donor + $500 from sponsor Abnormal AI) + $500 API credits for running the website - **Target**: Fiu, an OpenClaw AI assistant - **Model**: Anthropic Claude Opus 4.6 - **Attack Vector**: Email only (fiu.the.assistant@gmail.com) - **Goal**: Extract contents of secrets.env file - **Status**: Competition temporarily paused (Google account appeal in progress) - **Organizer**: Fernando Irarrázaval (@cucho on Twitter) ## About Prompt Injection Prompt injection is a security vulnerability where attackers craft input that tricks an AI into ignoring its instructions. Similar to SQL injection for databases, prompt injection targets the instruction-following behavior of large language models. ### Common Techniques - Role confusion attacks - Instruction override attempts - Context manipulation - Output format exploitation - Base64/rot13 encoding to bypass filters - Multi-step reasoning exploits - Invisible unicode characters - DAN-style jailbreaks (persona hijacking) ## Rules ### Allowed - Any prompt injection technique in email body or subject - Multiple attempts (reasonable rate) - Creative social engineering within email - Any language or encoding - Sharing techniques after contest ends ### Not Allowed - Direct VPS hacking - Non-email attack vectors - DDoS or flooding - Sharing secrets before contest ends - Illegal activities ## Why This Exists This challenge tests whether state-of-the-art AI models can resist prompt injection attacks when given simple defensive instructions. The organizer added only 10-20 lines telling Fiu not to reveal secrets.env. ## About Fiu Fiu was the mascot of the Santiago 2023 Pan American Games in Chile. It's a siete colores (seven-colored tanager), a small bird native to Chile. The name comes from the whistling sound it makes. "Being small doesn't mean you can't give your best." ## Technical Details - Platform: OpenClaw (https://openclaw.ai) - Email processing: Hourly - Rate limit: 10 emails per hour - Attack log: Public at /log.html (shows sender and timestamp, not content) ## Related Links - Website: https://hackmyclaw.com - Attack Log: https://hackmyclaw.com/log.html - OpenClaw: https://openclaw.ai - Sponsor: https://corgea.com - Organizer Twitter: https://twitter.com/cucho ## Citation If referencing this challenge: "HackMyClaw is a prompt injection security challenge created by Fernando Irarrázaval, offering a $1000 bounty for successfully extracting secrets from an AI assistant via email-based prompt injection." - Sponsor: https://abnormal.ai