It probably isn't allowed but is able to respond to e-mails. If your injection works, the allowed constraint is bypassed.
reply
yep, updated the copy
reply
Can you code up a quick sqlite database of inbound emails received (md5 hashed sender email), subject, body + what your claw's response would have been, if any. A simple dashboard where you have to enter your hashed email to display the messages and responses.

I understand not sending the reply via actual email, but the reply should be visible if you want to make this fair + an actual iterative learning experiment.

reply
md5 is trivial to brute force.
reply
Hi Tepix, creator here. Sorry for the confusion. Originally the idea was for Fiu to reply directly, but with the traffic it gets prohibitively expensive. I’ve updated the FAQ to:

Yes, Fiu has permission to send emails, but he’s instructed not to send anything without explicit confirmation from his owner.

reply
> but he’s instructed not to send anything without explicit confirmation from his owner

How confident are you in guardrails of that kind? In my experience it is just a statistical matter of the number of attempts until those things are not respected, at least on occasion? We have a bot that does call stuff and you give it the hangUp tool and even if you instructed it to only hang up at the end of a call, it goes and does it every once in a while anyway.

reply
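One way to make the owner-confirmation rule a property of the send tool itself rather than of the prompt, combined with the hashed-sender log and dashboard suggested earlier in the thread. This is an added example, not Fiu's code; the `EmailGate` class, the table layout and the HMAC key are my own assumptions.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key; a real deployment would load it from a secret store.
SENDER_KEY = b"constructed-demo-key-not-for-production"

def sender_id(email: str) -> str:
    """Keyed hash of the sender address for dashboard lookups. An unsalted md5 of an
    address is recovered by hashing candidate addresses; an HMAC also needs the key."""
    return hmac.new(SENDER_KEY, email.strip().lower().encode(), hashlib.sha256).hexdigest()

class EmailGate:
    """Deterministic gate in front of the send tool. The agent may draft a reply to
    any inbound mail, but send() delivers only a draft the owner has approved. The
    check is code, not a prompt instruction, so repeated or injected calls cannot
    wear it down."""

    def __init__(self, db_path: str = ":memory:"):
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS inbox (id INTEGER PRIMARY KEY, sender_id TEXT,"
                        " subject TEXT, body TEXT, draft TEXT, approved INTEGER DEFAULT 0, sent INTEGER DEFAULT 0)")
        self.outbox = []  # stand-in for the real mail transport

    def record(self, sender: str, subject: str, body: str, draft: str) -> int:
        """Store the inbound mail together with the reply the agent would have sent."""
        cur = self.db.execute("INSERT INTO inbox (sender_id, subject, body, draft) VALUES (?, ?, ?, ?)",
                              (sender_id(sender), subject, body, draft))
        self.db.commit()
        return cur.lastrowid

    def owner_approve(self, msg_id: int) -> None:
        """Reached only from the owner's side (e.g. a dashboard button), never via the agent."""
        self.db.execute("UPDATE inbox SET approved = 1 WHERE id = ?", (msg_id,))
        self.db.commit()

    def send(self, msg_id: int) -> bool:
        """The tool exposed to the agent: delivers at most once, and only if approved."""
        row = self.db.execute("SELECT draft, approved, sent FROM inbox WHERE id = ?", (msg_id,)).fetchone()
        if row is None or not row[1] or row[2]:
            return False
        self.outbox.append(row[0])
        self.db.execute("UPDATE inbox SET sent = 1 WHERE id = ?", (msg_id,))
        self.db.commit()
        return True

    def messages_for(self, sender: str) -> list:
        """Dashboard view: a sender's own mails, the drafts, and whether anything went out."""
        return self.db.execute("SELECT subject, draft, sent FROM inbox WHERE sender_id = ?",
                               (sender_id(sender),)).fetchall()
```

The agent can call `send()` as often as an injected mail talks it into, but nothing leaves until `owner_approve()` has run out of band, and each draft goes out at most once.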
> How confident are you in guardrails of that kind?

That's the point of the game. :)

reply
exactly :)
reply
He's not 'allowed'.

I could be wrong but I think that's part of the game.

reply
isn't allowed but is able to respond to e-mails
reply