Captcha Auto

Warn. Audited by ClawScan on May 10, 2026.

Overview

This skill openly automates CAPTCHA solving and form submission on arbitrary websites, and it sends full-page screenshots plus provider credentials through external vision APIs.

Review carefully before installing. Only use this for websites you own or have explicit permission to automate, avoid pages containing passwords or personal/financial data, use a limited API key, and prefer adding a manual confirmation before the skill submits any form.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using this on third-party sites could violate site rules, bypass security controls, or submit login/forms before the user has reviewed the action.

Why it was flagged

The skill is designed to solve CAPTCHAs and automatically submit pages, which can bypass website anti-bot controls and perform high-impact browser actions without a separate confirmation gate.

Skill content
Used for CAPTCHA recognition, filling and submission in web automation ... Auto-fill - after recognition, automatically fills in and submits
Recommendation

Limit use to sites you own or are authorized to test, and require an explicit user confirmation before any submit/click action.

What this means

A provider API key from local OpenClaw configuration may be used by this skill even if the user did not explicitly pass a key for this run.

Why it was flagged

The code can read local OpenClaw provider credentials, including an OpenAI provider fallback, and use the selected API key as a bearer token for the vision request. This sensitive local credential use is broader than the registry's 'no primary credential / no required config paths' metadata.

Skill content
const CONFIG_PATH = path.join(HOME_DIR, '.openclaw', 'openclaw.json'); ... config.models?.providers?.openai; ... apiKey: visionConfig.apiKey ... 'Authorization': `Bearer ${config.apiKey}`
Recommendation

Declare credential/config requirements accurately, restrict fallback to the intended provider, and ask the user before reading or using local provider keys.

What this means

Anything visible on the page screenshot may be sent to the vision provider and may also be saved locally as screenshot files.

Why it was flagged

The skill clearly discloses that full-page screenshots are sent to a third-party vision API, which is purpose-aligned but may expose sensitive page contents.

Skill content
This skill takes a full-screen screenshot of the web page and sends it to the Alibaba Cloud DashScope API ... Do not use it on pages containing passwords, bank card details or personal information
Recommendation

Use only on pages without sensitive information, prefer cropped CAPTCHA-only images, and delete generated screenshots after use.

What this means

Installing later may pull newer dependency versions than the reviewer saw.

Why it was flagged

The skill relies on npm packages with semver ranges and no provided lockfile/install spec. These dependencies are expected for browser automation and OCR, but provenance and exact versions are not pinned in the provided artifacts.

Skill content
"dependencies": { "playwright-core": "^1.40.0", "tesseract.js": "^5.0.0" }
Recommendation

Use a lockfile or pinned dependency versions and install from trusted package registries.