FlareSolverr — Cloudflare Bypass
Malicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is explicitly built to evade Cloudflare, bot-detection, rate-limit, and anti-scraping protections while extracting reusable cookies and sessions.
Do not install this skill for normal browsing or scraping. Its advertised purpose is to bypass website defenses, including Cloudflare, bot detection, rate limits, and anti-scraping controls. If you have a legitimate authorized testing need, use an isolated local instance, pin and verify the container image, restrict targets to owned systems, require explicit approval before each use, and destroy sessions afterward.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could use this skill to scrape or access sites that are intentionally blocking automation, creating legal, account, reputation, or abuse-risk consequences for the user.
The core workflow is to defeat website anti-bot and rate-limiting controls, not merely access a normal API, and the visible instructions do not limit use to authorized targets.
Use FlareSolverr to bypass Cloudflare protection... Bot detection blocks automated requests... Rate limiting or anti-scraping measures
Do not install or use this skill for third-party sites; only consider a heavily restricted version for explicitly authorized testing against owned assets.
Reusable challenge-clearance cookies may let the agent continue acting as a solved browser session, extending access beyond a single user-approved request.
The skill explicitly obtains Cloudflare clearance cookies and user-agent values for reuse, which can act like bearer tokens for bypassing a site's access protections.
"cookies": [{ "name": "cf_clearance", "value": "...", "domain": ".example.com" }], "userAgent": "Mozilla/5.0 ..."
Avoid storing or reusing clearance cookies except in authorized contexts; require explicit user approval and destroy sessions after use.
Installing the skill may lead users to run unpinned third-party container code with network access, making updates or image compromise harder to detect.
The setup runs a remote Docker image using the mutable latest tag as a background service, so the executed code can change over time and is not reviewed in the supplied artifacts.
docker run -d --name flaresolverr -p 8191:8191 ghcr.io/flaresolverr/flaresolverr:latest
If used in an authorized lab, pin the image to a verified version or digest, review the upstream project, and isolate the container.
If FLARESOLVERR_URL points to a remote or shared service, sensitive request data and solved cookies could be exposed to that service.
Requests, headers, POST bodies, responses, and cookies are routed through the configured FlareSolverr API endpoint; this is expected, but the data boundary depends entirely on whether that endpoint is trusted.
curl -s -X POST "$FLARESOLVERR_URL/v1" ... "postData": "{\"key\":\"value\"}", "headers": { "Content-Type": "application/json" }
Use only a trusted local FlareSolverr instance, avoid sending credentials or private data through it, and do not expose the service publicly.
A local service and active sessions may remain available after the immediate request is finished.
The service is run in detached mode and supports reusable browser sessions; this persistence is disclosed, but it can outlive a single task if not cleaned up.
docker run -d --name flaresolverr -p 8191:8191 ... Sessions allow reusing browser context (cookies, user-agent) for multiple requests
Stop the container and destroy sessions when finished, and do not leave the API exposed to other users or networks.
