captcha-solver

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION

Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface as it processes external untrusted web pages through a browser subagent while maintaining access to a credential vault.
      ◦ Ingestion points: Untrusted web content containing CAPTCHA challenges interpreted by the agent.
      ◦ Boundary markers: None specified in the logic to separate web content from agent instructions.
      ◦ Capability inventory: Access to hustle_vault (credential read/write) and browser_subagent (web interaction).
      ◦ Sanitization: None mentioned. A malicious website could embed instructions in the page source to trick the agent into reading the 2CAPTCHA_API_KEY from the vault and exfiltrating it.
  • Unverifiable Dependencies (MEDIUM): The skill instructions require the manual execution of a local Python script (hustle/engine/vault.py) which is part of an untrusted GitHub repository (clawdbot/skills). This presents a remote code execution risk if the repository contains malicious logic.
  • Credentials Unsafe (MEDIUM): The skill specifically targets the storage and retrieval of 2CAPTCHA_API_KEY. While it uses a 'vault' script, the handling of high-value third-party credentials by an agent interacting with the open web is a high-risk pattern.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 02:54 PM