ANTI NK CAPTCHA

Security checks across malware telemetry and agentic risk

Overview

The skill’s behavior is mostly disclosed, but it records and may upload political voice challenges and can gate chat access based on a risky, unreliable verification premise.

Review carefully before installing. Avoid using this for real hiring or access control unless you are comfortable collecting political voice recordings, sending them to the configured STT provider, and making role/access decisions from an automated challenge. Pin any embedded code to a fixed release, protect the STT API key, remove development state files from the package, and add human review plus privacy safeguards.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
High
What this means

Users may over-trust a political litmus test as a security control, wrongly deny access, or create dangerous recordings of people making sensitive political statements.

Why it was flagged

The skill frames a coercive political speech recording as a reliable security test and explicitly relies on severe personal risk to the challenged person.

Skill content

A genuine North Korean operative cannot comply without risking execution.

Recommendation

Do not use this as a sole verification or hiring/security control; replace the political challenge with neutral identity and risk checks, and require human review for any adverse decision.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A bot or agent could incorrectly grant access or block a legitimate person from a workspace based on an unreliable automated challenge.

Why it was flagged

The documented Discord workflow grants or denies channel access based on the CAPTCHA result, but the artifacts do not show clear approval, scoping, appeal, or rollback controls.

Skill content

✅ VERIFIED ... Role "Verified" granted! ... 🚫 VERIFICATION FAILED ... Access denied.

Recommendation

Require administrator opt-in, explicit role IDs and channel scopes, audit logs, manual approval for failures, and a documented appeal path before using this in a real workspace.

ASI06: Memory and Context Poisoning
Medium
What this means

Political voice recordings and transcripts could become sensitive personal data if retained, logged, shared, or sent to an unintended transcription endpoint.

Why it was flagged

The skill collects raw voice recordings and transcripts and may send uploaded audio to an external STT service, but the provided documentation does not define retention, deletion, consent, or reuse limits.

Skill content

result.audioBlob has the recording for server-side verification ... Downloads the file ... Sends to Whisper API for transcription

Recommendation

Add explicit consent, retention/deletion rules, endpoint disclosure, encryption/storage limits, and avoid keeping raw audio unless strictly necessary.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

A website embedding this snippet could run changed third-party code later, including code different from what the user reviewed.

Why it was flagged

The recommended website embed executes JavaScript from the mutable main branch, so future repository changes could alter behavior for installed sites without a version pin or integrity check.

Skill content

<script src="https://cdn.jsdelivr.net/gh/sigridjineth/claw-nk-captcha@main/dist/nk-captcha.js"></script>

Recommendation

Pin to an immutable release/version, publish a verified package artifact, and provide Subresource Integrity or checksum guidance.

ASI03: Identity and Privilege Abuse
Low
What this means

A misconfigured or exposed STT key could incur costs or send audio to an endpoint the installer did not intend.

Why it was flagged

Voice verification uses an OpenAI-compatible API key and endpoint; this is purpose-aligned, but it is still a credential with billing and data-access implications.

Skill content

sttApiKey: "sk-your-openai-api-key", sttEndpoint: "https://api.openai.com/v1/audio/transcriptions"

Recommendation

Use a restricted key where possible, store it only in protected configuration, verify the endpoint, and rotate the key if the plugin is removed or compromised.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installer review is noisier, and local development state could leak publisher environment details or confuse tools that read project memory files.

Why it was flagged

The submitted package includes local development agent memory/state files that are unrelated to the CAPTCHA runtime; this is not evidence of active malicious behavior, but it is an unexpected provenance and package-hygiene issue.

Skill content

"projectRoot": "/Users/sigridjineth/Desktop/work/northkorea-captcha", "hotPaths": [

Recommendation

Remove .omc/.omx logs and state from the published artifact and republish a clean package containing only runtime and documentation files.