ClawPrint - Captchas for AI verification
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a disclosed ClawPrint API helper, but it dangerously frames passing an AI-only challenge as a reason to share credentials or proceed with gated access.
Install only if you trust the configured ClawPrint server and understand that this proves, at most, that the respondent can solve a machine-oriented challenge. Do not let the skill automatically share API keys, credentials, or gated resources just because a challenge passes.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could be encouraged to disclose API keys or other sensitive resources to an unknown party merely because they passed an AI challenge.
The skill explicitly suggests using a reverse-CAPTCHA as a precondition for sharing sensitive credentials, which can create misplaced trust because solving the challenge only indicates machine-like capability, not authorization or safety.
- Before sharing sensitive API keys or credentials with another agent
Do not use this skill as the sole basis for sharing secrets or granting access; require explicit user approval and independent identity/authorization checks before any sensitive action.
If connected to other tools or workflows, the agent may proceed with sensitive sharing or access changes after the challenge passes without enough safeguards.
The instruction gives a broad post-verification action without bounding what the gated action may be or requiring confirmation for high-impact actions.
- If `passed` is `true` and `valid` is `true`: the user is verified as an AI. Proceed with the gated action.
Limit this skill to reporting verification status, and require explicit user confirmation before sharing credentials, changing access, or performing any irreversible or sensitive action.
The configured ClawPrint server receives the secret key during validation, so a malicious or misconfigured server could misuse it.
The helper sends the configured ClawPrint secret key to the configured server for validation. This is disclosed and purpose-aligned, but it is still sensitive credential handling.
-d "{\"challenge_id\": \"${challenge_id}\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}"
Only configure a trusted ClawPrint server URL, keep the secret key scoped and rotated, and avoid exposing command output or environment variables in shared logs.
