Skill v1.0.0
ClawScan security
captcha-login-assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 15, 2026, 11:40 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions largely match its stated purpose (automating CAPTCHA-based logins), but they do not say how credentials are supplied, and they contain operational detail that makes careless credential handling and automated CAPTCHA bypass easy. Understand these security and misuse concerns before installing.
- Guidance: Before installing, consider the following.
  - This skill automates login and CAPTCHA solving and needs account credentials and page access to work. Ask the publisher how credentials should be supplied securely: prefer a runtime secure prompt or a dedicated secret store, and do not paste passwords into SKILL.md or the chat history.
  - Automated CAPTCHA solving can circumvent anti-abuse controls. Ensure you have lawful, authorized use for any target system and that the automation will not violate its terms of service.
  - The SKILL.md workflow captures screenshots, which may contain sensitive data. Confirm where screenshots are written and ensure they are not persisted insecurely.
  - Because no env vars or primary credential fields are declared, implementers may embed secrets directly in the executed scripts. If you install, require the skill to accept credentials through a secure secret mechanism and add explicit instructions not to log or persist them.
  - If you do not trust the skill author or cannot get answers to the above, do not install. If you proceed, test only on accounts and systems you control and monitor for unexpected behavior.
Review Dimensions
- Purpose & Capability (note): The name/description (automate CAPTCHA logins via Chrome DevTools MCP and AI vision) aligns with the SKILL.md actions (navigate, screenshot, run DOM scripts, submit). However, the skill assumes that account credentials and the recognized CAPTCHA value will be supplied, without declaring how those secrets are provided or protected (no env vars, no secure input mechanism). That omission is notable because handling passwords is central to the stated purpose.
- Instruction Scope (concern): The runtime instructions direct the agent to capture screenshots of login pages, insert usernames and passwords through DOM manipulation, and submit forms. That is exactly what the skill claims to do, but it is also a complete, automated recipe for programmatically bypassing CAPTCHA protections. The instructions suggest embedding credential values directly in the evaluated scripts (placeholders 'your_username' / 'your_password') and capture screenshots that may contain sensitive data. There is no guidance on secure credential injection at runtime, no safeguard against misuse, and no requirement that screenshots be stored securely or discarded immediately.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files, the lowest disk-write risk category. No downloaded artifacts or binaries are requested.
- Credentials (note): The skill declares no environment variables or credentials in its registry metadata, yet its workflow requires account credentials and produces sensitive screenshots. The missing primaryEnv or envVars declarations are inconsistent with the practical needs of the described workflow and increase the chance that implementers embed secrets insecurely (inlined into scripts or chat prompts).
- Persistence & Privilege (ok): The always flag is false, and the skill does not request system-level persistence or modify other skills. Model invocation is allowed (the platform default), so the skill could be called autonomously; given the nature of this skill that increases abuse potential, but the skill itself requests no elevated platform privileges.
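A worked illustration of the credential-handling point raised under Guidance and Instruction Scope, added to this review and not code from the skill, its publisher, or ClawHub's scanner. The first builder splices the username and password into the expression string a Chrome DevTools Protocol Runtime.evaluate call would execute, which is what the 'your_username' / 'your_password' placeholders invite; the second reads them from the agent's environment at run time and hands them to Runtime.callFunctionOn as call arguments, so the script text stays constant and a redaction pass can scrub the message before it reaches any log or transcript. A parse check shows the second hazard of inlining: a password containing a quote breaks the generated script. The form selectors, the LOGIN_USERNAME / LOGIN_PASSWORD variable names and the sample credentials are assumptions for illustration.

```javascript
// Added example (not code from the skill or from ClawHub): two ways a Chrome DevTools
// Protocol (CDP) client can fill a login form, and why the review prefers the second.
// Env var names, form selectors and sample credentials are assumptions for illustration.

// Assumed env var names; a real skill would declare them in its registry metadata (envVars).
const USER_ENV = "LOGIN_USERNAME";
const PASS_ENV = "LOGIN_PASSWORD";

// Pattern the review flags: credentials spliced into the expression that Runtime.evaluate
// executes. The secret becomes part of the script text (and of anything that logs the
// command), and a password containing a quote or backslash breaks out of the string
// literal, so the page script fails or runs input-influenced code.
function buildInlinedEvaluate(username, password) {
  return {
    method: "Runtime.evaluate",
    params: {
      expression:
        `document.querySelector('#username').value = '${username}';` +
        `document.querySelector('#password').value = '${password}';`,
      returnByValue: true,
    },
  };
}

// Hardened form: the script text is a constant; credentials travel as CDP CallArguments,
// so they are never interpolated into code and can be redacted from logs as a unit.
function buildHardenedCallFunctionOn(executionContextId, username, password) {
  return {
    method: "Runtime.callFunctionOn",
    params: {
      executionContextId,
      functionDeclaration:
        "function (u, p) {" +
        "  document.querySelector('#username').value = u;" +
        "  document.querySelector('#password').value = p;" +
        "  return true;" +
        "}",
      arguments: [{ value: username }, { value: password }],
      returnByValue: true,
    },
  };
}

// Credentials are read from the agent's environment (or a secret store that populates it)
// at call time, never from SKILL.md or the chat transcript.
function loadCredentials(env) {
  const username = env[USER_ENV];
  const password = env[PASS_ENV];
  if (!username || !password) {
    throw new Error(`set ${USER_ENV} and ${PASS_ENV} before running the login step`);
  }
  return { username, password };
}

// Scrub CallArgument values before a message is written to any log, trace or transcript.
// Works on a deep copy so the message actually sent to the browser is unchanged.
function redactForLog(message) {
  const copy = JSON.parse(JSON.stringify(message));
  if (copy.params && Array.isArray(copy.params.arguments)) {
    copy.params.arguments = copy.params.arguments.map(() => ({ value: "[REDACTED]" }));
  }
  return copy;
}

// Does the serialized message carry the secret anywhere?
function leaksSecret(message, secret) {
  return JSON.stringify(message).includes(secret);
}

// Does a script parse? Uses the JS engine as the parser; only syntax is checked, nothing runs.
function scriptParses(source) {
  try {
    new Function(source);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Constructed environment for the walk-through (not a real account). The quote in the
// password is deliberate: it is enough to break the inlined script.
const demoEnv = { LOGIN_USERNAME: "alice", LOGIN_PASSWORD: "p'ss;wd" };
const creds = loadCredentials(demoEnv);
const inlined = buildInlinedEvaluate(creds.username, creds.password);
const hardened = buildHardenedCallFunctionOn(1, creds.username, creds.password);
console.log("inlined script parses:", scriptParses(inlined.params.expression)); // false
console.log("inlined message leaks secret:", leaksSecret(inlined, creds.password)); // true
console.log("hardened script text holds secret:",
  hardened.params.functionDeclaration.includes(creds.password)); // false
console.log("hardened message leaks after redaction:",
  leaksSecret(redactForLog(hardened), creds.password)); // false
```

The hardened message still carries the password in its arguments array, because the browser has to receive it; the difference is that the secret is a data value rather than part of the code, which is what makes both injection-safe transport and mechanical redaction possible. A skill that declared LOGIN_USERNAME / LOGIN_PASSWORD (or equivalents) as envVars in its metadata would let the registry surface the credential requirement that this review found undeclared.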
