Back to skill
Skillv1.0.7
VirusTotal security
Captcha Auto · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:26 AM
- Hash
- d1b4c158f2de1b1e5037a9bc096a55f87ca14c28dcd221cf62e8aefa98061e32
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: captcha-auto Version: 1.0.7 The skill is classified as suspicious due to its core functionality of capturing full-page screenshots and sending them to a third-party visual model API (e.g., Alibaba Cloud DashScope) for processing, as seen in `index.mjs`. While the `SKILL.md` documentation and the `index.mjs` code explicitly warn the user about this privacy implication and require user-controlled API keys, this capability inherently carries a high risk of sensitive data exposure if the skill is used on pages containing confidential information or if the configured API endpoint is compromised. The use of `--no-sandbox` for Playwright also slightly reduces the browser's security posture.
- External report
- View on VirusTotal