Captcha Auto

Security checks across malware telemetry and agentic risk

Overview

This CAPTCHA skill is mostly transparent about what it does, but it can upload full-page screenshots and automatically submit arbitrary web forms without a clear confirmation step.

Install only if you are authorized to automate the target sites. Use a dedicated vision API key, avoid pages containing passwords, account data, or personal information, and consider modifying the workflow to crop only the CAPTCHA and require confirmation before uploading screenshots or clicking submit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The skill is presented as captcha recognition/filling, but it also actively searches for and clicks validation or submission controls. That broadens the action from passive assistance to state-changing automation, which can trigger unintended logins, submissions, or anti-bot workflows without a clear user approval step.

Context-Inappropriate Capability

High (99% confidence)
Finding
If no captcha field is confidently identified, the code falls back to filling the first visible input that matches loose size checks. On real pages this can overwrite unrelated fields such as username, email, search, MFA, or sensitive workflow inputs, causing unintended actions or corrupting user data before submission.

Missing User Warnings

Medium (97% confidence)
Finding
The code automatically clicks likely submit/validate buttons after filling the captcha, with no explicit confirmation from the user. In browser automation, this can trigger irreversible actions, account interactions, or anti-abuse responses on the wrong page or wrong form, especially because button discovery also uses heuristic matching.

VirusTotal

65/65 vendors flagged this skill as clean.
