Auto Captcha Solver

WarnAudited by ClawScan on May 10, 2026.

Overview

The skill is transparent about solving simple captchas, but it can bypass human-verification steps and submit browser forms automatically, so it warrants review.

Install only if you need authorized captcha handling for your own or approved automation. Disable automatic submission, review each solved captcha before continuing, and do not use it to bypass third-party anti-bot protections or site rules.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

High

#ASI02: Tool Misuse and Exploitation

What this means

An agent using this skill could pass a captcha gate and submit a web form without a separate user confirmation, including on sites where automation is not authorized.

Why it was flagged

The helper fills the solved captcha value into the page and submits by default unless the caller explicitly disables autoSubmit.

Skill content

await inputPick.element.fill(result.value); ... if (options.autoSubmit !== false) { ... await page.keyboard.press("Enter"); }

Recommendation

Use only on systems where you have authorization, set autoSubmit to false by default, and require explicit approval before submitting any form after a captcha is solved.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing or running the skill may install OCR/image-processing packages from npm.

Why it was flagged

The skill depends on external npm packages for image processing and OCR; this is expected for the purpose, and a lockfile is present, but users should still review dependency installation.

Skill content

"dependencies": { "sharp": "^0.34.1", "tesseract.js": "^6.0.1" }

Recommendation

Install from a trusted package source, keep the lockfile, and review dependency updates before use.

Low

#ASI06: Memory and Context Poisoning

What this means

A stale or tampered local cache could cause future captcha attempts to reuse an incorrect answer; it also leaves a small record of solved captcha values on disk.

Why it was flagged

Verified captcha answers are persisted locally and reused by image hash across runs.

Skill content

path.resolve(process.cwd(), ".captcha-verified.json"); ... fs.writeFileSync(this.verifiedFile, JSON.stringify(payload, null, 2), "utf8");

Recommendation

Keep the cache scoped to the project, clear it when no longer needed, and avoid sharing or trusting cache files from untrusted sources.