captcha

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill is explicitly designed to bypass CAPTCHA protections: it programmatically submits sitekeys/page URLs and screenshots to third‑party solving services and vision AIs, and includes detailed guidance to evade bot detection (stealth flags, residential proxies, mouse simulation). While the code does not contain hidden backdoors, remote execution, obfuscated payloads, or credential‑theft routines, it intentionally exfiltrates page data (site URLs, sitekeys, and screenshots) to external services and provides clear operational guidance to evade defenses, making it high risk for abuse (account takeover, scraping, automated fraud).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and interprets untrusted public webpage content (extracting sitekeys and page URLs via detection JS in references/captcha-types.md and SKILL.md) and screenshots image-grid challenges from arbitrary target sites which scripts/solve_image_grid.py then send to external vision AIs (Claude/OpenAI) whose JSON response drives clicks and subsequent automation actions, so third‑party content can directly influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime calls to third-party CAPTCHA solvers (e.g. https://2captcha.com, https://api.capmonster.cloud, https://api.anti-captcha.com) to fetch tokens and also sends screenshots to vision-AI APIs (Anthropic/OpenAI via ANTHROPIC_API_KEY / OPENAI_API_KEY, e.g. https://api.anthropic.com) whose responses directly determine which UI elements to click, so these external endpoints are required at runtime and their returned content directly controls agent actions.