ClawHub

captcha-base-skill

Security checks across malware telemetry and agentic risk

Overview

This CAPTCHA-solving skill is coherent and disclosed, but cloud mode can upload CAPTCHA data to a third-party provider when enabled.

Use this only for CAPTCHA workflows you are authorized to automate. Leave JFBYM_TOKEN unset for local-only operation; if you enable cloud solving, expect supplied CAPTCHA images and any challenge metadata you pass, such as page URLs or site keys, to be sent to JFBYM and potentially billed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The CLI exposes commands that can submit captcha images, page metadata, and related inputs to a third-party paid cloud service, but the interface does not provide any explicit warning, confirmation, or clear disclosure when network transmission may occur. In an automation/RPA context, these images can contain sensitive session, account, or workflow data, so silent exfiltration to an external service creates a real privacy and compliance risk even if it is part of intended functionality.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The SDK sends tokens, CAPTCHA images, page URLs, and related metadata to a third-party cloud service without any built-in disclosure, consent prompt, or guardrail. In an automation or agent context, this can expose sensitive page context or user-provided images to an external provider unexpectedly, which is especially relevant because the skill advertises local-first behavior while this module enables cloud fallback.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal