Auto Captcha Solver
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could pass a captcha gate and submit a web form without a separate user confirmation, including on sites where automation is not authorized.
The helper fills the solved captcha value into the page and submits by default unless the caller explicitly disables autoSubmit.
await inputPick.element.fill(result.value); ... if (options.autoSubmit !== false) { ... await page.keyboard.press("Enter"); }Use only on systems where you have authorization, set autoSubmit to false by default, and require explicit approval before submitting any form after a captcha is solved.
Installing or running the skill may install OCR/image-processing packages from npm.
The skill depends on external npm packages for image processing and OCR; this is expected for the purpose, and a lockfile is present, but users should still review dependency installation.
"dependencies": { "sharp": "^0.34.1", "tesseract.js": "^6.0.1" }Install from a trusted package source, keep the lockfile, and review dependency updates before use.
A stale or tampered local cache could cause future captcha attempts to reuse an incorrect answer; it also leaves a small record of solved captcha values on disk.
Verified captcha answers are persisted locally and reused by image hash across runs.
path.resolve(process.cwd(), ".captcha-verified.json"); ... fs.writeFileSync(this.verifiedFile, JSON.stringify(payload, null, 2), "utf8");
Keep the cache scoped to the project, clear it when no longer needed, and avoid sharing or trusting cache files from untrusted sources.