v1.0.0

CapMonster CAPTCHA Solver

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:44 AM.

Analysis

This skill openly solves and injects CAPTCHA tokens through a paid third-party service, so it can bypass website human-verification gates and should be reviewed before use.

Guidance: Install only if you intentionally need automated CAPTCHA solving for authorized workflows. Confirm each solve before use, protect the CapMonster API key, expect charges to your CapMonster account, and avoid using the Python helper path unless you have verified the referenced code.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
inject-token.js
gTextarea.value = TOKEN; ... cb(TOKEN); ... cfInput.value = TOKEN;

The script injects a solved CAPTCHA token into page fields and calls CAPTCHA callbacks, which is the mechanism for bypassing CAPTCHA challenges in browser automation.

User impact: An agent using this skill may bypass website human-verification or anti-bot controls, potentially violating site rules or enabling unintended automated activity.
Recommendation: Use only for sites and workflows where the user has clear authorization, and require explicit user approval before solving or injecting CAPTCHA tokens.

Unexpected Code Execution
Severity: Medium, Confidence: Medium, Status: Note
SKILL.md
client = CapMonsterClient("${CAPMONSTER_API_KEY}")

The API key placeholder appears directly inside executable Python example code; if a templating layer substitutes raw values into this source, unusual key contents could affect generated code.

User impact: The normal use case is expected, but users should avoid pasting secrets into generated source and should not run modified snippets they have not reviewed.
Recommendation: Use runtime environment lookup such as os.environ["CAPMONSTER_API_KEY"] and avoid generating executable code by string-substituting credential values.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
Python Client: `tools/capmonster-cloud/capmonster_api.py` ... sys.path.insert(0, '/Users/eason/clawd/tools/capmonster-cloud')

The skill references a helper Python client and absolute local path that are not included in the provided manifest, creating a provenance gap if users follow that example.

User impact: If the referenced helper exists locally, the agent could import code outside the reviewed skill package while handling the CapMonster key.
Recommendation: Use the included reviewed shell/JS files or verify any external Python helper before importing it, and package referenced helper code with the skill.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: High, Status: Note
solve-recaptcha.sh
API_KEY="${CAPMONSTER_API_KEY}" ... "clientKey": "$API_KEY"

The script uses a CapMonster API key to create paid CAPTCHA-solving tasks, even though the registry metadata declares no required credential.

User impact: Using the skill can spend the user's CapMonster balance, and the key must be protected like a billing credential.
Recommendation: Declare CAPMONSTER_API_KEY as a required credential and confirm costs or budgets before allowing automated solves.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low, Confidence: High, Status: Note
solve-recaptcha.sh
curl -s -X POST https://api.capmonster.cloud/createTask ... "websiteURL": "$WEBSITE_URL", "websiteKey": "$SITEKEY"

The target website URL and CAPTCHA site key are sent to the external CapMonster Cloud API, which is expected for the service but still crosses a data boundary.

User impact: CapMonster can see which pages the user is solving CAPTCHA challenges for, which may reveal browsing or automation targets.
Recommendation: Use this only when sharing the target URL and CAPTCHA details with CapMonster is acceptable.