Total downloads: 766 | Favorites: 0 | Current installs: 3 | Versions: 3
Install in OpenClaw
`/install captcha-relay`
Description
Human-in-the-loop CAPTCHA solving with two modes: screenshot (default, zero infrastructure) and token relay (requires network access). Screenshot mode captur...
Usage (SKILL.md)
CAPTCHA Relay v2
Solve CAPTCHAs by relaying them to a human. Two modes available.
Modes
Screenshot Mode (default) — No infrastructure needed
Grid overlay screenshot → send image to human via Telegram → human replies with cell numbers → inject clicks.
- Zero setup beyond the skill itself. No Tailscale, no tunnels, no relay server.
- Works for any CAPTCHA type (reCAPTCHA, hCaptcha, sliders, text, etc.)
- Uses `sharp` for image processing + CDP for screenshots and click injection.
```bash
node index.js                     # screenshot mode (default)
node index.js --mode screenshot   # explicit
node index.js --screenshot        # legacy alias
```

```js
const { solveCaptchaScreenshot } = require('./index');

(async () => {
  const capture = await solveCaptchaScreenshot({ cdpPort: 18800 });
  // capture.imagePath — annotated screenshot to send to human
  // capture.prompt — text prompt for the human
})();
```
Token Relay Mode — Requires network access
Detects CAPTCHA type + sitekey → serves real widget on relay page → human solves natively → token injected via CDP.
- Requires Tailscale or a tunnel (localtunnel/cloudflared) so the human's device can reach the relay server.
- Produces a proper CAPTCHA token — more reliable for reCAPTCHA v2, hCaptcha, Turnstile.
- Best when you have Tailscale already set up.
```bash
node index.js --mode relay               # with localtunnel
node index.js --mode relay --no-tunnel   # with Tailscale/LAN
```

```js
const { solveCaptcha } = require('./index');

(async () => {
  const result = await solveCaptcha({ cdpPort: 18800, useTunnel: false });
  // result.relayUrl — URL to send to human
  // result.token — solved CAPTCHA token
})();
```
When to Use Each
| Scenario | Mode |
|---|---|
| Quick & easy, no setup | screenshot |
| Any CAPTCHA type (sliders, text, etc.) | screenshot |
| Known CAPTCHA with sitekey (reCAPTCHA, hCaptcha, Turnstile) | relay |
| Tailscale already configured | relay |
| No network access to host | screenshot |
CLI Flags
| Flag | Default | Description |
|---|---|---|
| `--mode screenshot\|relay` | `screenshot` | Select solving mode |
| `--screenshot` | — | Alias for `--mode screenshot` |
| `--no-inject` | inject | Return token without injecting into browser |
| `--no-tunnel` | tunnel | Skip tunnel, use local/Tailscale IP (relay mode) |
| `--timeout N` | 120 | Timeout in seconds |
| `--cdp-port N` | 18800 | Chrome DevTools Protocol port |
Agent Workflow
Screenshot mode (simplest)
- Call `solveCaptchaScreenshot({ cdpPort })`
- Send `capture.imagePath` to human via `message` tool with `capture.prompt`
- Human replies with cell numbers (e.g. "1,3,5,7")
- Call `injectGridClicks(cdpPort, capture, selectedCells)` to click those cells
Relay mode
- Call `solveCaptcha({ useTunnel: false })` (Tailscale) or `solveCaptcha()` (tunnel)
- Send `result.relayUrl` to human via `message` tool
- Wait — resolves when human completes the CAPTCHA
- Token is auto-injected; continue automation
Requirements
- Chrome/Chromium with `--remote-debugging-port=18800`
- Node.js 18+ and `npm install` (deps: ws, sharp)
- Relay mode only: Tailscale or internet for tunnel
Security recommendations
This package appears internally consistent with its purpose, but it carries expected risks you should consider before using:
- Functional risks: relay mode opens an HTTP server (0.0.0.0) and can create a public tunnel (localtunnel/cloudflared) or rely on your Tailscale network — anyone who can reach the relay URL or Tailscale IP can view and interact with your browser tab. Treat relay URLs as sensitive and prefer Tailscale/LAN over public tunnels when possible.
- Sensitive data: solved tokens are written to /tmp/captcha-relay-token.txt and may be logged; running on a shared host could leak tokens or page contents. Clean /tmp after use and avoid running on machines with sensitive logged-in sessions.
- Remote code fetch: tunnel mode may run 'npx localtunnel' at runtime (fetches packages) and the Tailscale docs instruct using the official install script (curl | sh). Only run those commands if you trust the sources and understand the installation implications.
- Least privilege: if you only need the screenshot fallback, use screenshot mode (no network exposure). When using relay mode, use --no-inject if you want to receive the token but not have it automatically injected, and set sensible timeouts. Run the tool in an isolated/testing VM for initial evaluation.
- Code review: if you have strict security requirements, review tunnel.js and any code paths that spawn subprocesses, and consider running with limited network access / non-root user.
If you accept those trade-offs, the skill is coherent and does what it claims; otherwise treat relay mode as a high-privilege feature and restrict its use.
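The token-file exposure noted above (a fixed, predictable path under /tmp on a shared host) handled defensively. This is an added example, not code from captcha-relay; the function names `writeTokenPrivately`, `auditTokenFile` and `consumeToken` are hypothetical, and it assumes a POSIX host.

```javascript
// Added example, not captcha-relay's own code. Function names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Store a solved token where other local users cannot read or pre-create it.
function writeTokenPrivately(token, baseDir = os.tmpdir()) {
  // mkdtemp gives an unpredictable directory name, created with mode 0700.
  const dir = fs.mkdtempSync(path.join(baseDir, 'captcha-token-'));
  const file = path.join(dir, 'token.txt');
  // 'wx' fails if the path already exists, so a planted file or symlink is not reused.
  fs.writeFileSync(file, token, { mode: 0o600, flag: 'wx' });
  return file;
}

// Report why an existing token file is unsafe on a shared host.
function auditTokenFile(file) {
  const findings = [];
  let st;
  try {
    st = fs.lstatSync(file); // lstat: inspect the link itself, not its target
  } catch (err) {
    if (err.code === 'ENOENT') return findings; // nothing left behind
    throw err;
  }
  if (st.isSymbolicLink()) findings.push('path is a symlink');
  if (st.mode & 0o044) findings.push('readable by group or other users');
  if (st.mode & 0o022) findings.push('writable by group or other users');
  if (typeof process.getuid === 'function' && st.uid !== process.getuid()) {
    findings.push('owned by a different user');
  }
  return findings;
}

// Read the token once, then delete it ("clean /tmp after use").
function consumeToken(file) {
  const token = fs.readFileSync(file, 'utf8');
  fs.unlinkSync(file);
  try {
    fs.rmdirSync(path.dirname(file)); // only succeeds if the directory is now empty
  } catch (err) { /* shared directory such as /tmp: leave it in place */ }
  return token;
}
```

Running `auditTokenFile('/tmp/captcha-relay-token.txt')` after a relay session shows whether a token was left behind and who can read it.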
Functional analysis
Type: OpenClaw Skill
Name: captcha-relay
Version: 2.1.0
The skill is classified as suspicious due to its reliance on spawning external processes (`npx localtunnel`, `cloudflared`, `tailscale ip`) via `child_process.spawn` and `execSync` in `lib/tunnel.js`. While these actions are for the stated purpose of creating network tunnels, they introduce a significant supply chain vulnerability. A compromise of the `localtunnel` NPM package or the `cloudflared`/`tailscale` binaries could lead to arbitrary code execution on the host system. Additionally, the skill creates a public-facing HTTP server and tunnels, which, despite being for a legitimate purpose, inherently increases the attack surface.
Capability assessment
Purpose & Capability
The name/description (screenshot and token relay) align with the code and docs. The package implements CDP-based screenshots/injection, a local HTTP relay server, templates to render real widgets, and tunneling options (localtunnel/cloudflared/Tailscale). Required binaries/libraries (Node, Chrome with --remote-debugging-port, ws, sharp) are coherent with the stated capabilities. Nothing in the code requests unrelated credentials or unexpected platform access.
Instruction Scope
SKILL.md and the included docs describe sending annotated screenshots or a relay URL to a human via messaging and then injecting clicks/tokens into the automated browser. The relay server writes received tokens to a predictable file (/tmp/captcha-relay-token.txt) and serves an HTTP endpoint on 0.0.0.0; both are deliberate design choices but worth noting. TAILSCALE.md and ARCHITECTURE.md include instructions to run remote install helpers (e.g. curl|sh for Tailscale) and to use npx localtunnel — these are manual steps the user would run and are documented. The instructions do not ask the agent to read unrelated system files or secrets.
Install Mechanism
There is no platform install spec in the registry (instruction-only), but the package contains code and expects 'npm install' (deps: ws, sharp). The code may rely at runtime on 'npx localtunnel' (which downloads a package on demand) or on a system cloudflared binary; using npx/localtunnel/cloudflared is a moderate-risk, expected choice for tunneling but does fetch/execute code from registries or binaries at runtime. No downloads from unfamiliar personal servers are embedded in the code itself.
Credentials
The skill does not request environment variables, secret tokens, or unrelated credentials. Tailscale usage requires the user to authenticate their Tailscale client separately (documented). The code writes tokens to /tmp for convenience; this is proportional to the relay purpose but may be sensitive in shared environments.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It starts local HTTP servers and (optionally) public tunnels and can stream a browser tab and accept remote input — capabilities necessary for the feature but high-privilege in practice (a remote human can view and interact with the automated browser/tab). It does not modify other skills or global agent settings.
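How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install captcha-relay`
- Once installation completes, call the Skill by name or trigger it with `/captcha-relay`
- Provide the required inputs according to the Skill's parameter description to get structured output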
Version history
v2.1.0
Initial publish — human-in-the-loop CAPTCHA solving via screenshot or token relay
v2.0.0
v2: Token relay architecture with Tailscale support. Serves real CAPTCHA widgets to human device, captures token, injects back into browser via CDP. Supports reCAPTCHA v2, hCaptcha, Turnstile plus screenshot fallback.
v0.1.0
Initial release: human-in-the-loop CAPTCHA solving via Telegram with inline buttons. Supports reCAPTCHA v2 grid challenges. Connects to Chrome via CDP.
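FAQ
What is Captcha Relay?
Human-in-the-loop CAPTCHA solving with two modes: screenshot (default, zero infrastructure) and token relay (requires network access). Screenshot mode captur... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 766 total downloads to date.
How do I install Captcha Relay?
Run the command "/install captcha-relay" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Captcha Relay free?
Yes, Captcha Relay is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does Captcha Relay support?
Captcha Relay is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Captcha Relay?
It is developed and maintained by 0xclanky (@0xclanky); the current version is v2.1.0.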