ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

FlareSolverr — Cloudflare Bypass

v1.0.0

Bypass Cloudflare protection by routing requests through FlareSolverr’s browser API, handling challenges and returning page content, cookies, and headers.

2· 947·6 current·6 all-time
by@dolverin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, declared binaries (curl, jq), and required env var (FLARESOLVERR_URL) align with using an external FlareSolverr HTTP API. The SKILL.md only documents calling that API and managing sessions/cookies, which is expected for this purpose.
Instruction Scope
Instructions stay within the skill's scope: run FlareSolverr (Docker), set FLARESOLVERR_URL, and POST JSON requests to /v1. The skill makes and extracts page content, cookies, headers and supports proxies/sessions — all reasonable for a bypass/scraping helper. Note: because the skill returns full page content and cookies, using a remote/untrusted FLARESOLVERR_URL would expose requested URLs and page data to that host (privacy/exfiltration risk).
Install Mechanism
Instruction-only skill (no install spec or code). SKILL.md advises running the official ghcr.io/flaresolverr image via docker run — a standard, expected approach and not an arbitrary download URL from an unknown server.
Credentials
Only FLARESOLVERR_URL is required and declared as the primaryEnv, which is proportional. Caution: that single env var controls the service endpoint — pointing it to an untrusted third-party service could leak all requested URLs, page contents, and cookies to that remote operator.
Persistence & Privilege
always:false and no install or persistent configuration changes are requested. The skill does not ask to modify other skills or system-wide settings.
Assessment
This skill appears coherent for running and using a FlareSolverr HTTP API. Before installing: prefer running FlareSolverr yourself (the SKILL.md suggests the ghcr.io Docker image) so requests and solved pages stay on your host; do not set FLARESOLVERR_URL to an untrusted public endpoint (that service will see all target URLs, page content, and cookies); consider legal/terms-of-service implications of bypassing protections and respect rate limits; and keep curl/jq available on the agent environment. Autonomy is allowed by default but the skill does not request elevated/system-wide privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ck7vze8079j4t7aj7d4ceg1812ts3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binscurl, jq
EnvFLARESOLVERR_URL
Primary envFLARESOLVERR_URL

Comments