← Back to Skills Marketplace
leungbh

captcha-login-assistant

by leungBH · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
286
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install captcha-login-assistant
Description
Assist with web login processes that require CAPTCHA verification. Uses Chrome DevTools MCP to capture screenshots, recognizes CAPTCHA codes using AI vision,...
README (SKILL.md)

\r \r

CAPTCHA Login Assistant\r

\r

Overview\r

\r This skill automates the login process for web systems requiring CAPTCHA verification. It uses Chrome DevTools MCP to capture login page screenshots, employs AI vision to recognize CAPTCHA codes, automatically fills in account credentials and CAPTCHA, and completes the login operation.\r \r

Applicable Scenarios\r

\r

  • Web system logins requiring CAPTCHA verification\r
  • Login scenarios with short CAPTCHA validity periods\r
  • Situations requiring rapid consecutive login operations\r \r

Core Workflow\r

\r

1. Preparation\r

\r Ensure the following tools are available:\r

  • Chrome DevTools MCP service\r
  • Target login page URL\r
  • Valid account credentials (username and password)\r \r

2. Login Steps\r

\r

Step 1: Refresh Page to Get New CAPTCHA\r

// Navigate to login page and refresh\r
mcp_chrome-devtools-mcp_navigate_page({\r
  "type": "reload"\r
})\r
```\r
\r
#### Step 2: Capture Login Page Screenshot\r
```javascript\r
// Capture current page viewport\r
mcp_chrome-devtools-mcp_take_screenshot({\r
  "filePath": "path/to/login_screenshot.png"\r
})\r
```\r
\r
#### Step 3: Recognize CAPTCHA\r
- View the CAPTCHA image in the screenshot\r
- CAPTCHA is usually located to the right of the "Enter CAPTCHA" input field\r
- Carefully identify CAPTCHA characters (note case sensitivity)\r
\r
#### Step 4: Quickly Fill Form\r
```javascript\r
// Use JavaScript to fill all fields simultaneously\r
mcp_chrome-devtools-mcp_evaluate_script({\r
  "function": "() => {\
    const username = document.querySelector('input[name=\"username\"]');\
    const password = document.querySelector('input[name=\"password\"]');\
    const verifyCode = document.querySelector('input[name=\"verifyCode\"]');\
    \
    if (username) {\
      username.value = 'your_username';\
      username.dispatchEvent(new Event('input', { bubbles: true }));\
    }\
    if (password) {\
      password.value = 'your_password';\
      password.dispatchEvent(new Event('input', { bubbles: true }));\
    }\
    if (verifyCode) {\
      verifyCode.value = 'recognized_captcha';\
      verifyCode.dispatchEvent(new Event('input', { bubbles: true }));\
    }\
    return 'filled';\
  }"\r
})\r
```\r
\r
#### Step 5: Click Login Button\r
```javascript\r
// Click login button\r
mcp_chrome-devtools-mcp_evaluate_script({\r
  "function": "() => {\
    const loginBtn = document.querySelector('button[type=\"submit\"]') || document.querySelector('button');\
    if (loginBtn) {\
      loginBtn.click();\
      return 'login_clicked';\
    }\
    return 'button_not_found';\
  }"\r
})\r
```\r
\r
#### Step 6: Verify Login Result\r
```javascript\r
// Wait for post-login page elements\r
mcp_chrome-devtools-mcp_wait_for({\r
  "text": ["Home", "Dashboard", "System", "Logout"],\r
  "timeout": 5000\r
})\r
```\r
\r
## Key Insights\r
\r
### CAPTCHA Recognition Tips\r
\r
1. **Clear Screenshot** - Ensure CAPTCHA image is clearly visible within screenshot bounds\r
2. **Time Sensitivity** - CAPTCHA typically has short validity (1-3 seconds), fill immediately after recognition\r
3. **Careful Identification** - Distinguish similar characters (e.g., 0 vs O, 1 vs l, 5 vs S)\r
4. **Case Sensitivity** - CAPTCHA is usually case-sensitive\r
\r
### Common Issues\r
\r
#### CAPTCHA Verification Failed\r
- **Cause**: CAPTCHA has expired\r
- **Solution**: Immediately recapture screenshot, recognize new CAPTCHA, and resubmit\r
\r
#### Page Element Not Found\r
- **Cause**: Page not fully loaded or element ID changed\r
- **Solution**: Get page snapshot first to confirm element existence\r
\r
#### Redirected Back to Login After Login\r
- **Cause**: Session expired or token invalid\r
- **Solution**: Re-execute complete login workflow\r
\r
## Best Practices\r
\r
1. **Parallel Processing** - Screenshot capture and form preparation can be done in parallel\r
2. **Quick Response** - Fill form immediately after CAPTCHA recognition to minimize expiration risk\r
3. **Use JavaScript** - Direct DOM manipulation is faster than fill tools\r
4. **Verify Results** - Check page content after login to confirm success\r
\r
## Examples\r
\r
### Example 1: Standard Login Workflow\r
\r
```\r
User: Help me login to this system http://example.com/login, username admin, password 123456\r
\r
Execution Steps:\r
1. Navigate to login page\r
2. Capture screenshot to get CAPTCHA\r
3. Recognize CAPTCHA as "Ab3d"\r
4. Use JavaScript to fill username, password, and CAPTCHA\r
5. Click login button\r
6. Verify successful login\r
```\r
\r
### Example 2: CAPTCHA Expiration Retry\r
\r
```\r
If login fails showing "CAPTCHA verification failed":\r
1. Immediately recapture screenshot\r
2. Recognize new CAPTCHA\r
3. Refill and submit\r
4. Retry multiple times if necessary\r
```\r
\r
## Important Notes\r
\r
1. **Security** - Do not log passwords in logs\r
2. **Privacy** - Handle screenshots containing sensitive information appropriately\r
3. **Rate Limiting** - Be aware of system login rate limits to avoid triggering security mechanisms\r
4. **CAPTCHA Complexity** - For complex CAPTCHAs (distorted, with interference lines), multiple attempts may be needed\r
\r
## Troubleshooting\r
\r
| Issue | Possible Cause | Solution |\r
|-------|---------------|----------|\r
| Empty CAPTCHA recognition | Screenshot doesn't include CAPTCHA | Adjust screenshot bounds |\r
| Login button not found | Page not fully loaded | Wait for page load before operation |\r
| Repeated verification failures | CAPTCHA expires too quickly | Manual login or contact administrator |\r
| Redirect to login after login | Session issue | Clear cookies and retry |\r
Usage Guidance
Before installing, consider the following: - This skill automates login and CAPTCHA solving and will need account credentials and page access to work. Ask the publisher how credentials should be supplied securely (prefer runtime secure prompts or a dedicated secret store—do not paste passwords into the SKILL.md or chat history). - Automated CAPTCHA solving can be used to circumvent anti-abuse controls; ensure you have lawful, authorized use for any target system and that automation won't violate terms of service. - The SKILL.md captures screenshots (which may contain sensitive data). Confirm where screenshots are written and ensure they are not persisted insecurely. - Because there are no declared env vars or primary credential fields, there's a risk implementers will embed secrets directly into executed scripts. If you install, require the skill to accept credentials via a secure secret mechanism and add explicit instructions to avoid logging or persisting them. - If you do not trust the skill author or cannot obtain answers to the above, do not install. If you proceed, test only on accounts and systems you control and monitor for unexpected behavior.
Capability Analysis
Type: OpenClaw Skill Name: captcha-login-assistant Version: 1.0.0 This skill automates the process of logging into websites by bypassing CAPTCHA using Chrome DevTools MCP and AI vision. It utilizes high-risk functions like `mcp_chrome-devtools-mcp_evaluate_script` in `SKILL.md` to programmatically inject usernames and passwords into web forms. While the stated purpose is a 'login assistant,' the ability to automate security bypasses and handle raw credentials programmatically presents a significant risk for misuse, such as automated account access or credential stuffing, despite lacking explicit evidence of data exfiltration.
Capability Assessment
Purpose & Capability
The name/description (automate CAPTCHA logins via Chrome DevTools MCP and AI vision) aligns with the SKILL.md actions (navigate, screenshot, run DOM scripts, submit). However, the skill assumes supply of account credentials and recognized CAPTCHA values without declaring how those secrets are provided or protected (no env vars, no secure input mechanism). That omission is notable because handling passwords is central to the stated purpose.
Instruction Scope
The runtime instructions instruct the agent to capture screenshots of login pages, perform DOM manipulation to insert usernames/passwords, and submit forms. These are exactly what the skill claims to do, but they also give a complete, automated recipe for programmatically bypassing CAPTCHA protections. The instructions suggest embedding credential values directly into evaluated scripts (placeholders 'your_username' / 'your_password') and capture screenshots that may contain sensitive data. There is no guidance on secure credential injection at runtime or safeguards against misuse, nor any requirement that screenshots be stored securely or immediately discarded.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest disk-write risk. There are no downloaded artifacts or binaries requested.
Credentials
The skill requests no environment variables or credentials in registry metadata, yet its workflow requires account credentials and produces sensitive screenshots. The lack of declared primaryEnv or envVars is inconsistent with the practical needs of the described workflow and increases the chance implementers will embed secrets insecurely (inlined into scripts or chat prompts).
Persistence & Privilege
always is false and the skill does not request system-level persistence or modify other skills. Model invocation is allowed (platform default) which means it could be called autonomously; combined with the nature of this skill, that increases abuse potential, but the skill itself does not request elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install captcha-login-assistant
  3. After installation, invoke the skill by name or use /captcha-login-assistant
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of CAPTCHA Login Assistant. - Automates web login processes requiring CAPTCHA verification through Chrome DevTools MCP. - Captures login page screenshots, recognizes CAPTCHA codes using AI vision, and fills in credentials programmatically. - Supports rapid and consecutive login scenarios where CAPTCHA validity is short. - Provides troubleshooting steps and best practices for common CAPTCHA and login workflow issues. - Prioritizes security and privacy when handling sensitive data.
Metadata
Slug captcha-login-assistant
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is captcha-login-assistant?

Assist with web login processes that require CAPTCHA verification. Uses Chrome DevTools MCP to capture screenshots, recognizes CAPTCHA codes using AI vision,... It is an AI Agent Skill for Claude Code / OpenClaw, with 286 downloads so far.

How do I install captcha-login-assistant?

Run "/install captcha-login-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is captcha-login-assistant free?

Yes, captcha-login-assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does captcha-login-assistant support?

captcha-login-assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created captcha-login-assistant?

It is built and maintained by leungBH (@leungbh); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments