← Back to Skills Marketplace
1051
Downloads
2
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install flaresolverr
Description
Bypass Cloudflare protection by routing requests through FlareSolverr’s browser API, handling challenges and returning page content, cookies, and headers.
README (SKILL.md)
FlareSolverr — Cloudflare Bypass
Use FlareSolverr to bypass Cloudflare protection when direct curl requests fail with 403 or Cloudflare challenge pages.
Setup
- Run FlareSolverr (Docker recommended):
docker run -d --name flaresolverr -p 8191:8191 ghcr.io/flaresolverr/flaresolverr:latest
- Set the environment variable:
export FLARESOLVERR_URL="http://localhost:8191"
- Verify:
curl -s "$FLARESOLVERR_URL/health" | jq '.'
# Expected: {"status":"ok","version":"3.x.x"}
When to Use
- Direct curl fails with 403 Forbidden
- Cloudflare challenge page appears (JS challenge, captcha, "Checking your browser")
- Bot detection blocks automated requests
- Rate limiting or anti-scraping measures
Workflow
- Try direct curl first (it's faster and simpler)
- If blocked: Use FlareSolverr to get cookies/user-agent
- Reuse session for subsequent requests (optional, for performance)
Basic Usage
Simple GET Request
curl -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com/protected-page",
"maxTimeout": 60000
}' | jq '.'
Response Structure
{
"status": "ok",
"message": "Challenge solved!",
"solution": {
"url": "https://example.com/protected-page",
"status": 200,
"headers": {},
"response": "\x3Chtml>...\x3C/html>",
"cookies": [
{
"name": "cf_clearance",
"value": "...",
"domain": ".example.com"
}
],
"userAgent": "Mozilla/5.0 ..."
},
"startTimestamp": 1234567890,
"endTimestamp": 1234567895,
"version": "3.3.2"
}
Extract Page Content
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com/protected-page"
}' | jq -r '.solution.response'
Extract Cookies
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com"
}' | jq -r '.solution.cookies[] | "\(.name)=\(.value)"'
Session Management
Sessions allow reusing browser context (cookies, user-agent) for multiple requests, improving performance.
Create Session
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{"cmd": "sessions.create"}' | jq -r '.session'
Use Session for Request
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com/page1",
"session": "SESSION_ID"
}' | jq -r '.solution.response'
List Active Sessions
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{"cmd": "sessions.list"}' | jq '.sessions'
Destroy Session
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "sessions.destroy",
"session": "SESSION_ID"
}'
POST Requests
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.post",
"url": "https://example.com/api/endpoint",
"postData": "key1=value1&key2=value2",
"maxTimeout": 60000
}' | jq '.'
For JSON POST data:
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.post",
"url": "https://example.com/api/endpoint",
"postData": "{\"key\":\"value\"}",
"headers": {
"Content-Type": "application/json"
}
}' | jq '.'
Advanced Options
Custom User-Agent
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
}' | jq '.'
Custom Headers
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com",
"headers": {
"Accept-Language": "en-US,en;q=0.9",
"Referer": "https://google.com"
}
}' | jq '.'
Proxy Support
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com",
"proxy": {
"url": "http://proxy.example.com:8080"
}
}' | jq '.'
Download Binary Content
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com/file.pdf",
"download": true
}' | jq -r '.solution.response' | base64 -d > file.pdf
Error Handling
Common Errors
"status": "error": Request failed (checkmessagefield)"status": "timeout": maxTimeout exceeded (increase timeout)"status": "captcha": Manual captcha required (rare, usually auto-solved)
Check Status
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{"cmd": "request.get", "url": "https://example.com"}' | \
jq -r '.status'
Example Workflow
Bypass Cloudflare and Extract Data
# Step 1: Fetch page through FlareSolverr
RESPONSE=$(curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{
"cmd": "request.get",
"url": "https://example.com/protected-page"
}')
# Step 2: Check if successful
STATUS=$(echo "$RESPONSE" | jq -r '.status')
if [ "$STATUS" != "ok" ]; then
echo "Failed: $(echo "$RESPONSE" | jq -r '.message')"
exit 1
fi
# Step 3: Extract and parse HTML
echo "$RESPONSE" | jq -r '.solution.response'
Multi-Page Session
# Create session
SESSION=$(curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d '{"cmd": "sessions.create"}' | jq -r '.session')
# Page 1
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d "{\"cmd\": \"request.get\", \"url\": \"https://example.com/page1\", \"session\": \"$SESSION\"}" | \
jq -r '.solution.response'
# Page 2 (reuses cookies from page 1)
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d "{\"cmd\": \"request.get\", \"url\": \"https://example.com/page2\", \"session\": \"$SESSION\"}" | \
jq -r '.solution.response'
# Cleanup
curl -s -X POST "$FLARESOLVERR_URL/v1" \
-H "Content-Type: application/json" \
-d "{\"cmd\": \"sessions.destroy\", \"session\": \"$SESSION\"}"
Health Check
curl -s "$FLARESOLVERR_URL/health" | jq '.'
Performance Tips
- Use sessions for multiple requests to same domain (reuses cookies/context)
- Increase maxTimeout for slow sites (default: 60000ms)
- Fallback to direct curl when possible (FlareSolverr is slower due to browser overhead)
- Destroy sessions when done to free resources
Limitations
- Slower than direct curl (launches headless browser)
- Resource intensive (limit concurrent requests)
- May not solve all captchas (most Cloudflare challenges work)
- HTML only in response (no client-side JS execution after fetch)
Best Practices
- Always try direct curl first
- Use sessions for multi-page workflows
- Set appropriate maxTimeout (default 60s, increase for slow sites)
- Clean up sessions when done
- Handle errors gracefully (check
statusfield) - Rate limit your requests (don't overwhelm FlareSolverr or target site)
Usage Guidance
This skill appears coherent for running and using a FlareSolverr HTTP API. Before installing: prefer running FlareSolverr yourself (the SKILL.md suggests the ghcr.io Docker image) so requests and solved pages stay on your host; do not set FLARESOLVERR_URL to an untrusted public endpoint (that service will see all target URLs, page content, and cookies); consider legal/terms-of-service implications of bypassing protections and respect rate limits; and keep curl/jq available on the agent environment. Autonomy is allowed by default but the skill does not request elevated/system-wide privileges.
Capability Analysis
Type: OpenClaw Skill
Name: flaresolverr
Version: 1.0.0
The skill `flaresolverr` is designed to bypass Cloudflare protection for web scraping, which inherently involves powerful capabilities like making arbitrary network requests to external domains and downloading content to the local filesystem (demonstrated by `base64 -d > file.pdf` in SKILL.md). While these capabilities are necessary for the stated purpose, they represent significant security risks if the AI agent's input is not rigorously sanitized or if the agent is maliciously prompted. There is no explicit evidence of intentional harmful behavior such as data exfiltration, persistence mechanisms, or obfuscation within the provided files, but the broad permissions and potential for abuse classify it as suspicious rather than benign.
Capability Assessment
Purpose & Capability
Name, description, declared binaries (curl, jq), and required env var (FLARESOLVERR_URL) align with using an external FlareSolverr HTTP API. The SKILL.md only documents calling that API and managing sessions/cookies, which is expected for this purpose.
Instruction Scope
Instructions stay within the skill's scope: run FlareSolverr (Docker), set FLARESOLVERR_URL, and POST JSON requests to /v1. The skill makes and extracts page content, cookies, headers and supports proxies/sessions — all reasonable for a bypass/scraping helper. Note: because the skill returns full page content and cookies, using a remote/untrusted FLARESOLVERR_URL would expose requested URLs and page data to that host (privacy/exfiltration risk).
Install Mechanism
Instruction-only skill (no install spec or code). SKILL.md advises running the official ghcr.io/flaresolverr image via docker run — a standard, expected approach and not an arbitrary download URL from an unknown server.
Credentials
Only FLARESOLVERR_URL is required and declared as the primaryEnv, which is proportional. Caution: that single env var controls the service endpoint — pointing it to an untrusted third-party service could leak all requested URLs, page contents, and cookies to that remote operator.
Persistence & Privilege
always:false and no install or persistent configuration changes are requested. The skill does not ask to modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install flaresolverr - After installation, invoke the skill by name or use
/flaresolverr - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Cloudflare bypass via FlareSolverr proxy. ENV-based config, session management, GET/POST, proxy support, error handling.
Metadata
Frequently Asked Questions
What is FlareSolverr — Cloudflare Bypass?
Bypass Cloudflare protection by routing requests through FlareSolverr’s browser API, handling challenges and returning page content, cookies, and headers. It is an AI Agent Skill for Claude Code / OpenClaw, with 1051 downloads so far.
How do I install FlareSolverr — Cloudflare Bypass?
Run "/install flaresolverr" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is FlareSolverr — Cloudflare Bypass free?
Yes, FlareSolverr — Cloudflare Bypass is completely free (open-source). You can download, install and use it at no cost.
Which platforms does FlareSolverr — Cloudflare Bypass support?
FlareSolverr — Cloudflare Bypass is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created FlareSolverr — Cloudflare Bypass?
It is built and maintained by Dolverin (@dolverin); the current version is v1.0.0.
More Skills