ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Captcha Solver

Detect and solve simple image captchas during browser automation. Use when flows encounter 4-6 character text, distorted alphanumeric, numeric, rotated, or a...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 129 · 0 current installs · 0 all-time installs
bybigchen@cx6226301
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code: modules implement preprocessing, OCR (tesseract.js), caching, and browser helpers for Playwright/Puppeteer/Selenium. However the registry metadata claimed 'instruction-only / no install' while the package includes multiple Node source files and package.json with native dependencies (sharp, tesseract.js) — this mismatch (no install spec but code present) should be explained.
!
Instruction Scope
SKILL.md describes a scoped workflow that does not request secrets or broad system access, and the main entry points (solve.js, browser.js) stick to that. But several included helper/debug scripts (brute-*.js, debug-run.js) read a hard-coded absolute Windows path (D:/www/openclaw/captcha-solver/captcha.png). Those scripts are not used by the main API but are present in the package and could be run by someone accidentally — they access local filesystem and print OCR output. Also the code writes a local cache file (.captcha-verified.json) in process.cwd(). The skill also supports a fallbackVision hook that, if supplied by a caller, could send images to an external vision provider (this is an optional capability but can lead to external transmission of captcha images).
Install Mechanism
There is no declared install spec in the registry metadata, yet package.json/package-lock are present specifying dependencies (sharp, tesseract.js). Installing will pull native libraries (sharp/libvips) and tesseract.js runtime pieces; these are expected for this functionality but require native build artifacts and may be heavy. The lack of an explicit install step in registry metadata is an inconsistency the user should be aware of.
Credentials
The skill requests no environment variables or credentials and does not embed network endpoints for exfiltration. No suspicious credential access patterns were found. The only I/O is reading image buffers provided by the caller and writing a local verified-cache file.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated privileges. It does persist solved answers in a file (.captcha-verified.json) in the working directory via the cache module; this is expected for a caching/calibration feature but is persistent on disk and could reveal solved captchas if the directory is shared.
What to consider before installing
This package appears to implement what it says (OCR-based solving for simple image captchas), but before installing or running it you should: 1) Be aware the registry metadata omits an install step while package.json lists native dependencies (sharp, tesseract.js) — run npm install in a controlled environment and expect native build artifact downloads. 2) Inspect or avoid executing developer/debug scripts (brute-*.js, debug-run.js) — they contain hard-coded absolute paths (D:/...) that access local files and are likely leftover dev/testing code. 3) Note the skill writes .captcha-verified.json to the current working directory (stores calibrated answers); if that directory is shared/backed-up, solved captcha values will be persisted. 4) If you plan to use the fallbackVision option, treat it cautiously: it can send image buffers to an external vision provider (possible data exfiltration) — only provide a trusted implementation. 5) Run the code in a sandboxed environment first (or review/strip debug scripts) and confirm the dependency installation behavior (native binaries) meets your operational/security policies.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972a6n8hzvfkm0pcfktb1cx2s82vnyf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Auto Captcha Solver

Use this skill to solve simple captcha images in browser automation.

Supported Captcha Types

  • 4 to 6 character text captchas
  • Distorted alphanumeric captchas
  • Numeric captchas
  • Simple rotated characters
  • Arithmetic captchas (example: 3+8)

Do not use this skill for reCAPTCHA, hCaptcha, sliders, or click-object challenges.

Workflow

  1. Detect a captcha image element from the page.
  2. Capture a screenshot buffer of the captcha.
  3. Run preprocessing (grayscale, contrast normalization, resize, noise reduction).
  4. Run OCR and clean output.
  5. Detect arithmetic patterns and evaluate if needed.
  6. Fill the captcha input and optionally submit.

Capture Guidance

  • Prefer screenshotting only the captcha element, not the full page.
  • Accept only trusted http or https image URLs when reading captcha image source.
  • Reject suspicious schemes like javascript: or file:.
  • Enforce image size and pixel limits before OCR.

Return Format

Return a result object with:

  • solved: boolean
  • value: solved captcha text
  • type: alphanumeric, numeric, arithmetic, or unknown
  • confidence: OCR confidence score
  • hash: SHA1 image hash (cache key)
  • fromCache: optional boolean when a cached answer is used

Module Map

  • solve.js: main entry for solving an image buffer
  • preprocess.js: image normalization pipeline
  • ocr.js: OCR and text cleanup with multiple passes
  • cache.js: SHA1 captcha cache
  • browser.js: automation helpers for Playwright, Puppeteer, and Selenium

Files

14 total
Select a file
Select a file to preview.

Comments

Loading comments…