Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

captcha-login-assistant

v1.0.0

Assist with web login processes that require CAPTCHA verification. Uses Chrome DevTools MCP to capture screenshots, recognizes CAPTCHA codes using AI vision,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (automate CAPTCHA logins via Chrome DevTools MCP and AI vision) aligns with the SKILL.md actions (navigate, screenshot, run DOM scripts, submit). However, the skill assumes supply of account credentials and recognized CAPTCHA values without declaring how those secrets are provided or protected (no env vars, no secure input mechanism). That omission is notable because handling passwords is central to the stated purpose.
Instruction Scope
The runtime instructions direct the agent to capture screenshots of login pages, perform DOM manipulation to insert usernames/passwords, and submit forms. These are exactly what the skill claims to do, but they also give a complete, automated recipe for programmatically bypassing CAPTCHA protections. The instructions suggest embedding credential values directly into evaluated scripts (placeholders 'your_username' / 'your_password'), and they capture screenshots that may contain sensitive data. There is no guidance on secure credential injection at runtime or safeguards against misuse, nor any requirement that screenshots be stored securely or immediately discarded.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest disk-write risk. There are no downloaded artifacts or binaries requested.
Credentials
The skill requests no environment variables or credentials in registry metadata, yet its workflow requires account credentials and produces sensitive screenshots. The lack of declared primaryEnv or envVars is inconsistent with the practical needs of the described workflow and increases the chance implementers will embed secrets insecurely (inlined into scripts or chat prompts).
Persistence & Privilege
always is false and the skill does not request system-level persistence or modify other skills. Model invocation is allowed (platform default) which means it could be called autonomously; combined with the nature of this skill, that increases abuse potential, but the skill itself does not request elevated platform privileges.
What to consider before installing
Before installing, consider the following:
- This skill automates login and CAPTCHA solving and will need account credentials and page access to work. Ask the publisher how credentials should be supplied securely (prefer runtime secure prompts or a dedicated secret store—do not paste passwords into the SKILL.md or chat history).
- Automated CAPTCHA solving can be used to circumvent anti-abuse controls; ensure you have lawful, authorized use for any target system and that automation won't violate terms of service.
- The SKILL.md captures screenshots (which may contain sensitive data). Confirm where screenshots are written and ensure they are not persisted insecurely.
- Because there are no declared env vars or primary credential fields, there's a risk implementers will embed secrets directly into executed scripts. If you install, require the skill to accept credentials via a secure secret mechanism and add explicit instructions to avoid logging or persisting them.
- If you do not trust the skill author or cannot obtain answers to the above, do not install. If you proceed, test only on accounts and systems you control and monitor for unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.
