Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Captcha Auto
v1.0.7智能验证码自动识别 Skill - 混合模式(本地 Tesseract OCR + 阿里云千问 3 VL Plus)。支持两阶段输入框查找、安全隐私警告。用于网页自动化中的验证码识别、填写和提交。
⭐ 0· 1.1k·5 current·5 all-time
byMarvelousBean@annoyingc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's declared purpose (captcha recognition using local OCR with a visual-model fallback) matches the code and SKILL.md. However the registry metadata claimed 'Required env vars: none' while both SKILL.md and index.mjs require a VISION_API_KEY (or config file) to call the remote visual model. That metadata mismatch is misleading and reduces transparency about required secrets.
Instruction Scope
Runtime instructions and source direct the agent to take full-page screenshots of target webpages and send the image (base64) to an external endpoint (Aliyun DashScope-compatible API). The README warns not to use pages with passwords/bank info, but automatic full-page screenshotting means sensitive data can be captured and transmitted. The skill also reads the user's OpenClaw config (~/.openclaw/openclaw.json) for provider API keys.
Install Mechanism
This is instruction+code (no installer). Dependencies are standard Node modules (playwright-core, tesseract.js) and installation is via npm—no unusual download URLs or archive extraction. No install spec (low platform-level risk) but the package expects node >=18 and Chrome/Chromium present.
Credentials
The skill legitimately needs an API key for the remote vision model (VISION_API_KEY / QWEN_API_KEY) and an API base URL. That is proportionate to the fallback capability. However manifest/registry metadata incorrectly lists no required env vars, and the code will also read ~/.openclaw/openclaw.json for provider credentials (potentially exposing other stored provider keys if present). The skill does not request unrelated credentials, but it will read user config files that may contain secrets.
Persistence & Privilege
The skill does not request always:true, does not attempt to modify other skills, and is user-invocable only. It writes screenshots to the workspace and expects the runtime to have node and Chrome, which is normal for browser automation.
What to consider before installing
This skill appears to implement what it claims (local OCR then a remote visual model fallback) but it will take full-page screenshots and send them to a third-party API (Aliyun DashScope-compatible endpoint). Before installing: 1) Be aware screenshots may include sensitive info — do not run on pages with passwords, payment data, or personal info. 2) The skill requires a VISION_API_KEY (contradicting the registry metadata) or config in ~/.openclaw/openclaw.json — verify what keys you store there. 3) Review the index.mjs code yourself or run the skill in a sandboxed environment to confirm behavior. 4) If you must use it, consider creating a dedicated, limited-scope API key on the provider side and avoid running it against sensitive sites. If you need higher assurance, decline installation until the metadata is corrected and the developer documents exact data flows and config-file parsing behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk975tfwa17ztyfvjgkvgynf1xn81v431
License
MIT-0
Free to use, modify, and redistribute. No attribution required.