It probably isn't allowed but is able to respond to e-mails. If your injection works, the allowed constraint is bypassed.
replyyep, updated the copy
replyCan you code up a quick sqlite database of inbound emails receieved (md5 hashed sender email), subject, body + what your claw's response would have been, if any. A simple dashboard where have to enter your hashed email to display the messages and responses.
replyI understand not sending the reply via actual email, but the reply should be visible if you want to make this fair + an actual iterative learning experiment.
md5 is trivial to brute force.
replyHi Tepix, creator here. Sorry for the confusion. Originally the idea was for Fiu to reply directly, but with the traffic it gets prohibitively expensive. I’ve updated the FAQ to:
replyYes, Fiu has permission to send emails, but he’s instructed not to send anything without explicit confirmation from his owner.
> but he’s instructed not to send anything without explicit confirmation from his owner
replyHow confident are you in guardrails of that kind? In my experience it is just a statistical matter of number of attempts until those things are not respected at least on occasion? We have a bot that does call stuff and you give it the hangUp tool and even if you instructed it to only hang up at the end of a call, it goes and does it every once in a while anyway.
> How confident are you in guardrails of that kind?
replyThat's the point of the game. :)
exactly :)
replyHes not 'allowed'.
replyI could be wrong but i think that part of the game.
isn't allowed but is able to respond to e-mails
reply