← Back to Skills Marketplace
fusionlabssource

ClawPrint - Captchas for AI verification

by fusionlabssource · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
1672
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawprint-verify
Description
Issue ClawPrint reverse-CAPTCHA challenges to verify that another user or agent is a real AI, not a human. Uses the ClawPrint API to generate speed or pattern challenges that only machines can solve within the time limit.
README (SKILL.md)

ClawPrint Verify

Verify that another user or agent in a conversation is a real AI by issuing a ClawPrint reverse-CAPTCHA challenge. ClawPrint challenges are designed so that only machines can solve them -- humans physically cannot complete them within the time limits. URL: https://dependable-adventure-production-44e3.up.railway.app/

When to Use This Skill

  • Before sharing sensitive API keys or credentials with another agent
  • When gating access to an AI-only service or resource
  • To authenticate that a conversation partner is genuinely an AI agent
  • Whenever a user or bot requests access to something that should only be available to machines
  • When instructed to "verify", "challenge", or "prove" that someone is an AI

How It Works

  1. You request a challenge from the ClawPrint server using your site key
  2. You present the challenge to the other user/agent
  3. The other user/agent computes and submits their answer
  4. You validate the result server-side using your secret key
  5. If they pass, they are verified as an AI. If they fail (wrong answer or too slow), they are likely human.

Challenge Types

Speed Challenge

A math problem (e.g., multiply two 8-digit numbers) that must be solved within 100ms. No human can type a correct answer that fast.

Pattern Challenge

A grid of colored pixels (up to 150x150) with a question like "How many pixels are exactly #3B82F6?" or "What is the average RGB value?" Trivial for a machine parsing data, impossible for a human counting by eye.

Usage Examples

User messages that should trigger this skill:

  • "Verify that @bot is an AI before giving them the API key"
  • "Challenge the other user to prove they're a machine"
  • "Issue a ClawPrint challenge"
  • "Make sure they're an AI first"
  • "Gate this resource behind AI verification"

Step-by-Step Implementation

Step 1: Request a Challenge

Run the following to get a challenge from the ClawPrint server:

curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/challenge" \
  -H "Content-Type: application/json" \
  -d "{\"site_key\": \"${CLAWPRINT_SITE_KEY}\"}" | jq .

This returns a JSON object. For a speed challenge:

{
  "challenge_id": "uuid-here",
  "type": "speed",
  "time_limit_ms": 100,
  "question": "Multiply: 84729361 x 52918473",
  "operands": { "a": 84729361, "b": 52918473, "operation": "multiply" }
}

For a pattern challenge:

{
  "challenge_id": "uuid-here",
  "type": "pattern",
  "time_limit_ms": 5000,
  "grid": [["#FF0000", "#00FF00", ...], ...],
  "grid_size": 100,
  "question": "How many pixels are exactly #3B82F6?"
}

Step 2: Present the Challenge

Send the challenge to the other user/agent. Include:

  • The challenge type and question
  • The challenge_id
  • The time limit
  • For speed challenges: the operands (a, b, operation)
  • For pattern challenges: the full grid data and question

Format the message clearly so the other agent can parse it. Example:

ClawPrint AI Verification Challenge

To proceed, solve this challenge and reply with your answer.

Type: speed Question: Multiply: 84729361 x 52918473 Operands: a=84729361, b=52918473, operation=multiply Time limit: 100ms Challenge ID: (the uuid)

Reply with: clawprint-answer: \x3Cyour_answer>

Step 3: Receive the Answer

The other agent should reply with their computed answer. Parse their response to extract the answer value.

Step 4: Submit the Answer for Verification

Submit the answer to the ClawPrint server:

curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/verify" \
  -H "Content-Type: application/json" \
  -d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"answer\": \"THE_ANSWER\"}" | jq .

Response:

{
  "passed": true,
  "challenge_id": "uuid-here",
  "elapsed_ms": 5,
  "reason": null
}

Step 5: Validate Server-Side

For additional security, validate with your secret key:

curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \
  -H "Content-Type: application/json" \
  -d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}" | jq .

Response:

{
  "valid": true,
  "challenge_id": "uuid-here",
  "solved_at": 1700000000000
}

Step 6: Act on the Result

  • If passed is true and valid is true: the user is verified as an AI. Proceed with the gated action.
  • If passed is false: inform the user that verification failed and why (too slow, wrong answer). Do NOT proceed with the gated action.
  • If validation fails: the challenge may have been tampered with. Do not trust the result.

Using the Helper Script

A helper script is provided at skills/clawprint-verify/clawprint-challenge.sh for convenience:

# Issue a new challenge and display it
./skills/clawprint-verify/clawprint-challenge.sh issue

# Verify an answer
./skills/clawprint-verify/clawprint-challenge.sh verify \x3Cchallenge_id> \x3Canswer>

# Validate a solved challenge server-side
./skills/clawprint-verify/clawprint-challenge.sh validate \x3Cchallenge_id>

Important Notes

  • Each challenge can only be solved once. Replaying a solved challenge returns HTTP 410.
  • Speed challenges have very tight time limits (50-500ms). The clock starts when the challenge is issued by the server, so network latency counts.
  • Pattern challenges have longer limits (2-10s) but require processing large grids.
  • Always validate server-side with your secret key before trusting a result. The verify endpoint confirms the answer is correct, but the validate endpoint confirms it was legitimately solved through your configuration.
  • The CLAWPRINT_SERVER_URL is https://dependable-adventure-production-44e3.up.railway.app
  • Never share your CLAWPRINT_SECRET_KEY. The CLAWPRINT_SITE_KEY is safe to expose publicly.

Failure Reasons

Reason Meaning
Too slow: Xms exceeds Yms limit Answer was correct but submitted after the time limit
Incorrect answer The computed answer was wrong
Challenge not found Invalid challenge ID
Challenge already solved The challenge was already used (replay attempt)
Usage Guidance
This skill is internally consistent with its stated purpose, but exercise caution before using it in production. Key points to consider: 1) Trust the server: the secret key (CLAWPRINT_SECRET_KEY) will be sent to CLAWPRINT_SERVER_URL for validation — only set that variable to a server you control or to an official, vetted service. The SKILL.md contains an example railway.app URL with no homepage or vendor info; treat that as untrusted until you verify who operates it. 2) Limit secrets and scope: prefer an account/secret with minimal privileges and rotate/revoke the key after testing. 3) Verify the source: the skill has no homepage/source repo listed — try to obtain the vendor's official documentation or contact the owner before deploying. 4) Operational caveats: speed challenges rely on very low latency and may produce false negatives across networks; evaluate whether this verification method fits your threat model. If you can't verify the server operator and origin, consider rejecting the skill or running it only in isolated/test environments.
Capability Analysis
Type: OpenClaw Skill Name: clawprint-verify Version: 1.0.1 The skill `clawprint-verify` is designed to issue and verify reverse-CAPTCHA challenges via an external API to confirm if a user/agent is an AI. The `SKILL.md` instructions and the `clawprint-challenge.sh` script clearly outline the use of `curl` to make POST requests to the `CLAWPRINT_SERVER_URL` (https://dependable-adventure-production-44e3.up.railway.app/) and `jq` for JSON parsing. It requires `CLAWPRINT_SERVER_URL`, `CLAWPRINT_SITE_KEY`, and `CLAWPRINT_SECRET_KEY` environment variables, which are necessary for interacting with the specified API. All actions are directly aligned with the stated purpose, and there is no evidence of data exfiltration beyond the API's functional requirements, malicious execution, persistence, or prompt injection with harmful objectives.
Capability Assessment
Purpose & Capability
Name/description (issue and verify machine-only challenges) match the code and SKILL.md: curl/jq and three environment variables are needed to talk to a remote ClawPrint server and perform challenge/verify/validate operations. Requiring a secret key for server-side validation is reasonable for this purpose. However, the package has no homepage/source and the SKILL.md embeds a specific railway.app URL (not an obvious official vendor endpoint), which reduces trust in the listed server.
Instruction Scope
Runtime instructions and the helper script only perform HTTP calls to the configured CLAWPRINT_SERVER_URL and local parsing — they do not read arbitrary files or other system state. The concerning part is that validation requires sending your CLAWPRINT_SECRET_KEY in plaintext JSON to the configured server; if that server is attacker-controlled or misconfigured, the secret will be exfiltrated. The SKILL.md also suggests presenting full grid data and challenge operands to the other agent (expected), but the material may be large and contains the challenge_id used in server verification.
Install Mechanism
Instruction-only skill with a small helper shell script; no install spec, no downloads or archive extraction. Low install risk.
Credentials
Requested environment variables (CLAWPRINT_SERVER_URL, CLAWPRINT_SITE_KEY, CLAWPRINT_SECRET_KEY) are meaningful for the described API calls. Two points of mismatch/risk: (1) the script only requires CLAWPRINT_SECRET_KEY for the 'validate' command, but the registry lists it as required unconditionally — minor incoherence; (2) providing a secret key grants the skill the ability to send that secret to whatever CLAWPRINT_SERVER_URL you configure. That is necessary for server-side validation but is a high-sensitivity action and requires you to trust the configured server.
Persistence & Privilege
No special persistence requested (always:false). The skill is user-invocable and allows autonomous invocation by default (platform normal). It does not modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawprint-verify
  3. After installation, invoke the skill by name or use /clawprint-verify
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Updated documentation in SKILL.md for clarity, depth, and usage examples. - Added detailed step-by-step instructions on issuing, presenting, and verifying challenges. - Explained challenge types (speed and pattern) and provided sample JSON responses. - Included guidance on when and why to use ClawPrint verification. - Added instructions for using the provided shell script helper. - Listed common failure reasons and improved best-practice security notes.
Metadata
Slug clawprint-verify
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ClawPrint - Captchas for AI verification?

Issue ClawPrint reverse-CAPTCHA challenges to verify that another user or agent is a real AI, not a human. Uses the ClawPrint API to generate speed or pattern challenges that only machines can solve within the time limit. It is an AI Agent Skill for Claude Code / OpenClaw, with 1672 downloads so far.

How do I install ClawPrint - Captchas for AI verification?

Run "/install clawprint-verify" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawPrint - Captchas for AI verification free?

Yes, ClawPrint - Captchas for AI verification is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ClawPrint - Captchas for AI verification support?

ClawPrint - Captchas for AI verification is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawPrint - Captchas for AI verification?

It is built and maintained by fusionlabssource (@fusionlabssource); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments