ClawHub

ClawCaptcha

v0.1.0

CAPTCHA solving service for AI agents — solve reCAPTCHA, hCaptcha, Cloudflare Turnstile, FunCaptcha, and image CAPTCHAs automatically.

0· 108·1 current·1 all-time
by@shiyanhui
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (CAPTCHA solving) matches the declared requirement (single CLAWCAPTCHA_API_KEY) and the SKILL.md. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md is minimal and only instructs the user/agent to set CLAWCAPTCHA_API_KEY and points to the provider docs. It does not instruct reading other files or credentials, but it implicitly permits the agent to call an external solving service — expected for this purpose but worth noting because data (challenge payloads, target site identifiers, solved tokens) will be transmitted to an external provider.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
Only a single API key (CLAWCAPTCHA_API_KEY) is required and declared as the primary credential, which is proportionate to the stated service. The API key is sensitive and would grant the provider or anyone with the key the ability to perform solves (and likely bill usage).
Persistence & Privilege
Skill is not forced-always; it is user-invocable and allows autonomous invocation (platform default). It does not request modifications to other skills or system-wide settings.
Assessment
This skill appears coherent, but consider the following before installing or enabling it: 1) An API key is sensitive — treat CLAWCAPTCHA_API_KEY like a secret, do not expose it in logs or shared configs; rotate it if you suspect leakage. 2) CAPTCHA-solving services can enable abuse and may violate terms of service of target websites — ensure your intended usage is legal and compliant with site policies. 3) Because the skill relies on an external provider, verify the provider's trustworthiness, privacy policy, billing model, and what data (challenge images, page URLs, user identifiers) they retain. 4) If you want to limit risk, restrict the skill to explicit user invocation (avoid broad autonomous use), monitor usage and billing, and consider setting network or agent-level limits. 5) If you need deeper assurance, request the skill author to provide example API call patterns and the exact endpoints used (the SKILL.md currently only links to docs), so you can audit what data will be sent to the provider.

Like a lobster shell, security has layers — review code before you run it.

latestvk976mzpgxzv9apedz4e00ey0en836j0a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCLAWCAPTCHA_API_KEY
Primary envCLAWCAPTCHA_API_KEY

Comments