Auto Login
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a real browser auto-login and CAPTCHA-solving skill, but it can submit logins to arbitrary sites and send full-page screenshots to a configured vision API, so it needs careful review before use.
Install only if you intentionally want to automate logins for authorized sites. Before running it, confirm the target URL, credentials, provider base URL, and API key; prefer a trusted vision provider; avoid sensitive pages; disable or delete debug screenshots; and require manual approval before any login submission or retry.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong site or with the wrong credentials, it could attempt account logins or repeated failed login attempts without the user manually reviewing each step.
The skill explicitly automates credential filling, CAPTCHA handling, login detection, and retries, which are high-impact browser actions across web accounts.
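**Fully automated web login solution** — integrates CAPTCHA recognition, username and password filling, login status detection, and retry on failure.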
Use it only for sites and accounts you are authorized to automate, and require explicit confirmation for the target URL, credentials, CAPTCHA solving, submit action, and retry count.
Full login-page screenshots may expose usernames, page contents, account context, or other sensitive information to the configured vision provider.
The CAPTCHA-recognition flow sends a base64 page image to a configurable OpenAI-compatible provider endpoint using a bearer credential.
fetch(`${cfg.baseUrl}/chat/completions`, ... { type: 'image_url', image_url: { url: `data:image/png;base64,${imageBase64}` } } ... 'Authorization': authValue
Use only trusted provider endpoints, prefer cropping to the CAPTCHA region before upload, and avoid running it on pages containing sensitive account or personal information.
Provider API keys or app IDs will be used by the skill to call the configured vision service.
The skill reads local OpenClaw model configuration and provider API credentials, which is expected for the vision API but still sensitive authority.
const CONFIG_PATH = path.join(HOME_DIR, '.openclaw', 'openclaw.json'); ... const envApiKey = process.env.PROVIDER_API_KEY || process.env.VISION_API_KEY || process.env.QWEN_API_KEY; const envAppId = process.env.PROVIDER_APP_ID;
Use least-privilege provider credentials, keep them out of shared logs or config files, and verify which provider/base URL is configured before running.
Saved screenshots could reveal login pages, CAPTCHA images, usernames, or other page content if the workspace is shared or later inspected.
The skill can keep step-by-step screenshots for debugging, which may persist sensitive login-page content locally.
| **Screenshot logging** | Optional screenshot at each step, for easier debugging |
Disable screenshots when not needed, store them in a private location, and delete debugging images after use.
Future installs could resolve to newer dependency versions than the author tested.
The skill depends on npm packages with semver ranges rather than exact pinned versions; these packages are expected for browser automation and OCR but remain supply-chain inputs.
"dependencies": { "playwright-core": "^1.40.0", "tesseract.js": "^5.0.0" }
Install from a trusted registry, prefer a lockfile or exact versions for repeatable installs, and review dependency updates.
Users may follow documentation that does not match the reviewed package and could seek or run an unreviewed helper script.
The documentation references an auto-login framework script that is not present in the provided file manifest, creating uncertainty about the reviewed runtime path for a high-impact login workflow.
node scripts/auto-login-framework.mjs --config-file=./login-config.json --keep-open
Use only files included in the reviewed package, and ask the publisher to align the documentation, manifest, and entry points.
