v1.0.0

Captcha Solver

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:27 AM.

Analysis

This skill openly solves CAPTCHAs, but it gives an agent CAPTCHA-bypass capability and sends 2Captcha keys and challenge data over plaintext HTTP.

Guidance: Review carefully before installing. Use only for authorized CAPTCHA-solving scenarios, avoid sensitive pages or images, protect any 2Captcha API key, and consider fixing the code to use HTTPS, POST requests, pinned dependencies, and explicit user approval before solving external CAPTCHA challenges.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
API Solving (paid / APIs)
- reCAPTCHA v2/v3
- hCaptcha
- Cloudflare Turnstile
...
- Trajectory generation

The skill is designed to solve multiple CAPTCHA systems and generate slide trajectories, which can be used to bypass anti-bot protections on websites.

User impact: An agent with this skill could help automate access through CAPTCHA gates, potentially violating site rules or enabling actions the user did not intend to automate.
Recommendation: Install only if you intentionally need CAPTCHA solving for authorized use, and require explicit user approval before using it on third-party sites.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
README.md
pip install pillow numpy opencv-python

The README instructs manual installation of unpinned Python dependencies; this is expected for OCR/image processing but leaves dependency versions and provenance to the user.

User impact: The installed package versions may vary by environment and could introduce normal dependency supply-chain risk.
Recommendation: Install dependencies in an isolated environment and pin or review package versions before use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Concern
scripts/solve.py
API_2CAPTCHA = os.getenv("API_2CAPTCHA", "")
...
submit_url = f"http://2captcha.com/in.php?key={self.api_key}&method=userrecaptcha&googlekey={site_key}&pageurl={url}"

The code reads a 2Captcha API key and places it in a plaintext HTTP query string, even though the registry metadata declares no credential requirement.

User impact: A 2Captcha key could be exposed in transit or logs, which may allow unauthorized use of the user's paid CAPTCHA-solving account.
Recommendation: Treat the API key as sensitive, prefer HTTPS and POST-based API calls, and avoid installing unless the credential handling is reviewed or fixed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Concern
scripts/solve.py
with open(image_path, "rb") as f:
    img_data = base64.b64encode(f.read()).decode()
...
submit_url = f"http://2captcha.com/in.php?key={self.api_key}&method=base64&body={img_data}"

The skill can read a local CAPTCHA image and send its base64 contents to the 2Captcha provider over plaintext HTTP in the URL.

User impact: CAPTCHA images, page URLs, and related challenge data may be exposed to the provider, network observers, or logs without clear privacy boundaries.
Recommendation: Use this only for non-sensitive challenges, ensure the external provider is acceptable, and change the implementation to use HTTPS with safer request handling.