captcha-recognition

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the CAPTCHA recognition it advertises, but it has broad activation scope and arbitrary URL fetching that need user review before installation.

Review this skill before installing. Use it only for CAPTCHA images you are authorized to process, avoid using it to bypass third-party verification systems, and do not provide sensitive local paths or untrusted/internal URLs unless the environment can safely make those requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill explicitly supports fetching CAPTCHA images from HTTP/HTTPS URLs, which is network-capable behavior, but no permissions are declared. Undeclared network access is dangerous because it hides the skill's true capabilities from reviewers and policy enforcement, and could enable unintended outbound requests or access to internal resources if user-supplied URLs are fetched.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger phrase "OCR" is overly broad and can cause this skill to activate for many non-CAPTCHA image/text extraction requests. That is risky because it expands the skill's operational scope beyond its stated purpose, increasing the chance of misrouting user requests to a CAPTCHA-solving tool and enabling inappropriate use in contexts not intended by the skill.

Vague Triggers

Medium
Confidence: 86%
Finding:
The invocation guidance says to activate not only for CAPTCHA requests but also for general OCR-related requests, which makes the scope ambiguous. In security-sensitive systems, ambiguous routing is dangerous because it can grant a CAPTCHA-decoding capability to workflows that only requested ordinary OCR, undermining least privilege and increasing abuse potential.

Vague Triggers

Medium
Confidence: 84%
Finding:
The examples explicitly include generic OCR requests like extracting text from images, without any limiting language. This broadens the apparent purpose of the skill from CAPTCHA recognition to general OCR, making accidental or inappropriate invocation more likely and increasing the chance that anti-abuse-sensitive functionality is applied outside its intended context.

VirusTotal

66/66 vendors flagged this skill as clean.
