Captcha Suite
v1.0.0验证码处理套件 - 整合滑块拼图、旋转验证码、图形验证码等多种验证码处理能力。一站式解决网页验证码拦截问题,支持百度地图、大麦、淘宝、京东等 50+ 网站。当遇到任何类型的验证码时自动触发此技能。
⭐ 0· 93·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, reference docs, and the two scripts all align: they detect captcha types (rotate, puzzle, graphic, click) and provide code to compute actions and execute them in a browser. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs automatic triggering when a captcha appears and provides manual invocation options and examples. The runtime instructions and scripts operate only on screenshots and browser DOM actions; they do not reference or exfiltrate unrelated files, environment variables, or network endpoints. Note: the skill is explicitly designed to bypass captchas across many sites (including banks/government), which is broad in scope and may have legal/ToS implications even though it is technically coherent.
Install Mechanism
This is an instruction-only skill with bundled scripts; there is no install spec or external download. The Python script requires common libs (opencv-python, numpy) which are declared at runtime via an error message. No high-risk download/extract steps are present.
Credentials
The package declares no required environment variables, no credentials, and no config paths. The code references only local image files, writes debug images, and operates against an in-browser Playwright environment when auto-executing. No secret exfiltration is requested.
Persistence & Privilege
always:false (normal). disable-model-invocation:false (default) means the agent could call the skill autonomously when eligible — combined with this skill's purpose, that enables automatic captcha-bypassing across any site the agent visits. This is a behavioral/policy risk (misuse, ToS/legal exposure) rather than a technical incoherence; the skill does not request elevated system privileges or persistent system-wide changes.
Assessment
Technically the skill appears coherent and implements what it claims: image-based captcha detection and Playwright-driven interaction. Before installing, consider: (1) legal and terms-of-service risks — bypassing captchas may violate website TOS or laws in some jurisdictions, especially for banking/government sites; (2) operational requirements — it needs a browser/Playwright execution environment and Python packages (opencv-python, numpy) to work; (3) detectability and reliability — sites actively detect automation and may block accounts/IPs; (4) backups and third-party services — the references mention external '打码' services (e.g., 2Captcha) — if you later configure such services you will need API keys; treat those secrets carefully. Recommend testing in a controlled environment, avoid use on sensitive/protected sites, and review applicable policies before enabling automatic invocation.Like a lobster shell, security has layers — review code before you run it.
latestvk979tzn7z5shgzyxgyfddvr6q184dj41
License
MIT-0
Free to use, modify, and redistribute. No attribution required.