ClawPrint - Captchas for AI verification
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it claims, but it encourages treating a quick puzzle as proof that it is safe to share sensitive credentials or resources with another agent.
Install only if you trust the ClawPrint server you configure and understand that passing this challenge does not prove a party is safe, authorized, or deserving of secrets. Never share API keys or sensitive resources based solely on this verification result.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could be tricked into releasing API keys or gated resources to an untrusted party simply because they solved the challenge.
The skill tells the agent to use this challenge as a basis for sensitive access decisions, including sharing credentials, even though solving a speed or pattern challenge only demonstrates machine-like capability, not trustworthiness, authorization, or identity.
- Before sharing sensitive API keys or credentials with another agent ... If `passed` is `true` and `valid` is `true`: the user is verified as an AI. Proceed with the gated action.
Do not use this as proof that another party is trustworthy or authorized. Require explicit user approval and separate identity, authorization, and least-privilege checks before sharing any secrets or sensitive resources.
If the server URL is misconfigured or controlled by someone untrusted, the ClawPrint secret key could be exposed to that server.
The helper submits the ClawPrint secret key to the configured server for validation. This is disclosed and purpose-aligned, but it makes the configured server URL important.
-d "{\"challenge_id\": \"${challenge_id}\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}"
Set CLAWPRINT_SERVER_URL only to a trusted ClawPrint server, keep the secret key scoped and rotatable, and avoid using this key for anything outside ClawPrint validation.
It may be hard to confirm who operates the API or how it handles challenge data and ClawPrint credentials.
The skill relies on an external hosted API endpoint. Combined with the provided metadata showing no source repository or homepage, users have limited provenance information for the service that receives ClawPrint keys.
URL: https://dependable-adventure-production-44e3.up.railway.app/
Verify the ClawPrint server operator before use, prefer a documented or self-hosted endpoint, and review the service’s key-handling and retention practices.
