Captcha Relay

by 0xclanky · GitHub ↗ · v2.1.0
cross-platform ⚠ suspicious
766 Downloads · 0 Stars · 3 Active Installs · 3 Versions
Install in OpenClaw
/install captcha-relay
Description
Human-in-the-loop CAPTCHA solving with two modes: screenshot (default, zero infrastructure) and token relay (requires network access). Screenshot mode captur...
README (SKILL.md)

CAPTCHA Relay v2

Solve CAPTCHAs by relaying them to a human. Two modes available.

Modes

Screenshot Mode (default) — No infrastructure needed

Grid overlay screenshot → send image to human via Telegram → human replies with cell numbers → inject clicks.

  • Zero setup beyond the skill itself. No Tailscale, no tunnels, no relay server.
  • Works for any CAPTCHA type (reCAPTCHA, hCaptcha, sliders, text, etc.)
  • Uses sharp for image processing + CDP for screenshots and click injection.

```bash
node index.js                       # screenshot mode (default)
node index.js --mode screenshot     # explicit
node index.js --screenshot          # legacy alias
```

```js
const { solveCaptchaScreenshot } = require('./index');

// await is only valid inside an async function in a CommonJS script
(async () => {
  const capture = await solveCaptchaScreenshot({ cdpPort: 18800 });
  // capture.imagePath — annotated screenshot to send to human
  // capture.prompt — text prompt for the human
})();
```

Token Relay Mode — Requires network access

Detects CAPTCHA type + sitekey → serves real widget on relay page → human solves natively → token injected via CDP.

  • Requires Tailscale or a tunnel (localtunnel/cloudflared) so the human's device can reach the relay server.
  • Produces a proper CAPTCHA token — more reliable for reCAPTCHA v2, hCaptcha, Turnstile.
  • Best when you have Tailscale already set up.

```bash
node index.js --mode relay              # with localtunnel
node index.js --mode relay --no-tunnel  # with Tailscale/LAN
```

```js
const { solveCaptcha } = require('./index');

// await is only valid inside an async function in a CommonJS script
(async () => {
  const result = await solveCaptcha({ cdpPort: 18800, useTunnel: false });
  // result.relayUrl — URL to send to human
  // result.token — solved CAPTCHA token
})();
```

When to Use Each

| Scenario | Mode |
|---|---|
| Quick & easy, no setup | screenshot |
| Any CAPTCHA type (sliders, text, etc.) | screenshot |
| Known CAPTCHA with sitekey (reCAPTCHA, hCaptcha, Turnstile) | relay |
| Tailscale already configured | relay |
| No network access to host | screenshot |

CLI Flags

| Flag | Default | Description |
|---|---|---|
| --mode screenshot\|relay | screenshot | Select solving mode |
| --screenshot | | Alias for --mode screenshot |
| --no-inject | inject | Return token without injecting into browser |
| --no-tunnel | tunnel | Skip tunnel, use local/Tailscale IP (relay mode) |
| --timeout N | 120 | Timeout in seconds |
| --cdp-port N | 18800 | Chrome DevTools Protocol port |

Agent Workflow

Screenshot mode (simplest)

  1. Call solveCaptchaScreenshot({ cdpPort })
  2. Send capture.imagePath to human via message tool with capture.prompt
  3. Human replies with cell numbers (e.g. "1,3,5,7")
  4. Call injectGridClicks(cdpPort, capture, selectedCells) to click those cells

Relay mode

  1. Call solveCaptcha({ useTunnel: false }) (Tailscale) or solveCaptcha() (tunnel)
  2. Send result.relayUrl to human via message tool
  3. Wait — resolves when human completes the CAPTCHA
  4. Token is auto-injected; continue automation

Requirements

  • Chrome/Chromium with --remote-debugging-port=18800
  • Node.js 18+ and npm install (deps: ws, sharp)
  • Relay mode only: Tailscale or internet for tunnel
Usage Guidance

This package appears internally consistent with its purpose, but it carries expected risks you should consider before using:

  • Functional risks: relay mode opens an HTTP server (0.0.0.0) and can create a public tunnel (localtunnel/cloudflared) or rely on your Tailscale network; anyone who can reach the relay URL or Tailscale IP can view and interact with your browser tab. Treat relay URLs as sensitive and prefer Tailscale/LAN over public tunnels when possible.
  • Sensitive data: solved tokens are written to /tmp/captcha-relay-token.txt and may be logged; running on a shared host could leak tokens or page contents. Clean /tmp after use and avoid running on machines with sensitive logged-in sessions.
  • Remote code fetch: tunnel mode may run 'npx localtunnel' at runtime (fetches packages) and the Tailscale docs instruct using the official install script (curl | sh). Only run those commands if you trust the sources and understand the installation implications.
  • Least privilege: if you only need the screenshot fallback, use screenshot mode (no network exposure). When using relay mode, use --no-inject if you want to receive the token but not have it automatically injected, and set sensible timeouts. Run the tool in an isolated/testing VM for initial evaluation.
  • Code review: if you have strict security requirements, review tunnel.js and any code paths that spawn subprocesses, and consider running with limited network access / non-root user.

If you accept those trade-offs, the skill is coherent and does what it claims; otherwise treat relay mode as a high-privilege feature and restrict its use.
Capability Analysis
Type: OpenClaw Skill
Name: captcha-relay
Version: 2.1.0

The skill is classified as suspicious due to its reliance on spawning external processes (`npx localtunnel`, `cloudflared`, `tailscale ip`) via `child_process.spawn` and `execSync` in `lib/tunnel.js`. While these actions are for the stated purpose of creating network tunnels, they introduce a significant supply chain vulnerability. A compromise of the `localtunnel` NPM package or the `cloudflared`/`tailscale` binaries could lead to arbitrary code execution on the host system. Additionally, the skill creates a public-facing HTTP server and tunnels, which, despite being for a legitimate purpose, inherently increases the attack surface.
Capability Assessment
Purpose & Capability
The name/description (screenshot and token relay) align with the code and docs. The package implements CDP-based screenshots/injection, a local HTTP relay server, templates to render real widgets, and tunneling options (localtunnel/cloudflared/Tailscale). Required binaries/libraries (Node, Chrome with --remote-debugging-port, ws, sharp) are coherent with the stated capabilities. Nothing in the code requests unrelated credentials or unexpected platform access.
Instruction Scope
SKILL.md and the included docs describe sending annotated screenshots or a relay URL to a human via messaging and then injecting clicks/tokens into the automated browser. The relay server writes received tokens to a predictable file (/tmp/captcha-relay-token.txt) and serves an HTTP endpoint on 0.0.0.0; both are deliberate design choices but worth noting. TAILSCALE.md and ARCHITECTURE.md include instructions to run remote install helpers (e.g. curl|sh for Tailscale) and to use npx localtunnel — these are manual steps the user would run and are documented. The instructions do not ask the agent to read unrelated system files or secrets.
Install Mechanism
There is no platform install spec in the registry (instruction-only), but the package contains code and expects 'npm install' (deps: ws, sharp). The code may rely at runtime on 'npx localtunnel' (which downloads a package on demand) or on a system cloudflared binary; using npx/localtunnel/cloudflared is a moderate-risk, expected choice for tunneling but does fetch/execute code from registries or binaries at runtime. No downloads from unfamiliar personal servers are embedded in the code itself.
Credentials
The skill does not request environment variables, secret tokens, or unrelated credentials. Tailscale usage requires the user to authenticate their Tailscale client separately (documented). The code writes tokens to /tmp for convenience; this is proportional to the relay purpose but may be sensitive in shared environments.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It starts local HTTP servers and (optionally) public tunnels and can stream a browser tab and accept remote input — capabilities necessary for the feature but high-privilege in practice (a remote human can view and interact with the automated browser/tab). It does not modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install captcha-relay
  3. After installation, invoke the skill by name or use /captcha-relay
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
Initial publish — human-in-the-loop CAPTCHA solving via screenshot or token relay
v2.0.0
v2: Token relay architecture with Tailscale support. Serves real CAPTCHA widgets to human device, captures token, injects back into browser via CDP. Supports reCAPTCHA v2, hCaptcha, Turnstile plus screenshot fallback.
v0.1.0
Initial release: human-in-the-loop CAPTCHA solving via Telegram with inline buttons. Supports reCAPTCHA v2 grid challenges. Connects to Chrome via CDP.
Metadata
Slug captcha-relay
Version 2.1.0
License
All-time Installs 4
Active Installs 3
Total Versions 3
Frequently Asked Questions

What is Captcha Relay?

Human-in-the-loop CAPTCHA solving with two modes: screenshot (default, zero infrastructure) and token relay (requires network access). Screenshot mode captur... It is an AI Agent Skill for Claude Code / OpenClaw, with 766 downloads so far.

How do I install Captcha Relay?

Run "/install captcha-relay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Captcha Relay free?

Yes, Captcha Relay is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Captcha Relay support?

Captcha Relay is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Captcha Relay?

It is built and maintained by 0xclanky (@0xclanky); the current version is v2.1.0.
