← 返回 Skills 市场

CAPTCHAS OpenClaw

Name: CAPTCHAS OpenClaw
Author: captchasco

作者 CAPTCHASCO · GitHub ↗ · v1.0.1

cross-platform ✓ 安全检测通过

2149

总下载

当前安装

版本数

在 OpenClaw 中安装

/install captchas-openclaw

功能描述

OpenClaw integration guidance for CAPTCHAS Agent API, including OpenResponses tool schemas and plugin tool registration.

使用说明 (SKILL.md)

CAPTCHAS + OpenClaw

Use this skill when integrating CAPTCHAS with OpenClaw via OpenResponses tools or OpenClaw plugin tools.

Configuration

Set environment variables:

CAPTCHAS_ENDPOINT = https://agent.captchas.co
CAPTCHAS_API_KEY = \x3Cyour-api-key>

Headers:

x-api-key: required (use CAPTCHAS_API_KEY).
x-domain: optional; validated if provided.

Notes:

site_key is optional; if omitted, it resolves from the API key or account default.
Avoid sending PII in signals.

OpenResponses Tool Schemas (OpenClaw Gateway)

Use the OpenClaw tools array shape when calling the Gateway /v1/responses endpoint.

{
  "tools": [
    {
      "type": "function",
      "function": {
        "name": "captchas_agent_verify",
        "description": "Run CAPTCHAS Agent Verify and return a decision (allow|deny|challenge).",
        "parameters": {
          "type": "object",
          "properties": {
            "site_key": {"type": "string"},
            "action": {"type": "string"},
            "signals": {"type": "object", "additionalProperties": true},
            "capabilities": {
              "oneOf": [
                {"type": "object", "additionalProperties": true},
                {"type": "array", "items": {"type": "string"}}
              ]
            },
            "verification_mode": {"type": "string", "enum": ["backend_linked", "agent_only"]},
            "challenge_source": {"type": "string", "enum": ["bank", "ai_generated"]},
            "input_type": {"type": "string", "enum": ["choice", "image", "behavioral"]},
            "media_url": {"type": "string"},
            "media_type": {"type": "string"}
          },
          "required": [],
          "additionalProperties": false
        }
      }
    },
    {
      "type": "function",
      "function": {
        "name": "captchas_agent_challenge_complete",
        "description": "Complete a challenge and mint a verification token when passed.",
        "parameters": {
          "type": "object",
          "properties": {
            "challenge_id": {"type": "string"},
            "site_key": {"type": "string"},
            "answer": {"type": "string"}
          },
          "required": ["challenge_id", "answer"],
          "additionalProperties": false
        }
      }
    },
    {
      "type": "function",
      "function": {
        "name": "captchas_agent_token_verify",
        "description": "Verify an opaque CAPTCHAS token before completing a sensitive action.",
        "parameters": {
          "type": "object",
          "properties": {
            "token": {"type": "string"},
            "site_key": {"type": "string"},
            "domain": {"type": "string"}
          },
          "required": ["token"],
          "additionalProperties": false
        }
      }
    }
  ]
}

OpenClaw Plugin Tool Registration

Example:

api.registerTool({
  name: "captchas_agent_verify",
  description: "Run CAPTCHAS Agent Verify and return a decision (allow|deny|challenge).",
  parameters: {
    type: "object",
    properties: {
      site_key: { type: "string" },
      action: { type: "string" },
      signals: { type: "object", additionalProperties: true }
    },
    required: [],
    additionalProperties: false
  },
  async execute(_id, params) {
    return { content: [{ type: "text", text: JSON.stringify(params) }] };
  }
});

References

Use /v1/agent/verify, /v1/agent/challenge/:id/complete, and /v1/agent/token-verify as the canonical API calls.
See captchas-human-verification/SKILL.md for workflow guidance.

安全使用建议

This skill is coherent for integrating CAPTCHAS with OpenClaw. Before installing, store CAPTCHAS_API_KEY securely and confirm CAPTCHAS_ENDPOINT is correct. Be cautious about what you include in the 'signals' object — avoid PII or sensitive tokens, since the schema allows arbitrary fields. Replace the example execute() that echoes params before using in production (echoing inputs can leak sensitive data to logs or assistant outputs). Finally, ensure API keys are scoped/minimized and rotated regularly.

功能分析

Type: OpenClaw Skill Name: captchas-openclaw Version: 1.0.1 The skill bundle defines tools and configuration for integrating with a CAPTCHAS API. The `SKILL.md` provides schemas for CAPTCHA verification, challenge completion, and token verification, along with an example `execute` function that merely echoes its input. While the `signals` parameter in `captchas_agent_verify` allows arbitrary data, the documentation explicitly warns against sending PII, and there are no instructions for the agent to perform malicious actions, exfiltrate data, or execute arbitrary commands. All content aligns with the stated purpose of CAPTCHA integration and lacks any clear evidence of intentional harmful behavior or high-risk prompt injection.

能力评估

✓ Purpose & Capability

Name/description (CAPTCHAS integration) aligns with declared env vars (CAPTAS_API_KEY, CAPTCHAS_ENDPOINT) and the API endpoints referenced. Requested credentials and endpoint are expected for this integration.

ℹ Instruction Scope

SKILL.md contains only API integration guidance and tool schemas. It does not instruct the agent to read unrelated system files or other credentials. Note: the 'signals' parameter is free-form (additionalProperties allowed) and the doc warns to avoid PII but does not enforce it — this is a possible data-exposure risk if callers put sensitive user data into signals. The example plugin's execute() simply returns JSON.stringify(params), which in a real integration could cause sensitive inputs to be reflected into tool output/logs.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — lowest-risk install posture; nothing is written to disk or downloaded by the skill itself.

✓ Credentials

Only two environment variables are required: CAPTCHAS_API_KEY (primary credential) and CAPTCHAS_ENDPOINT. Both are appropriate and necessary for an API integration; no unrelated credentials or broad config paths are requested.

✓ Persistence & Privilege

Skill is not always-enabled and does not request system-wide privileges or attempt to modify other skills. Default autonomous invocation is allowed (platform default) but not combined with other concerning privileges here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install captchas-openclaw
安装完成后，直接呼叫该 Skill 的名称或使用 /captchas-openclaw 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Reference to a user-specific file path was replaced with a generic `captchas-human-verification/SKILL.md` workflow reference. - No other content changes were made in this version.

v1.0.0

Initial release of OpenClaw integration guidance for the CAPTCHAS Agent API. - Provides environment variable setup and required headers for API authentication. - Documents OpenResponses tool schemas for CAPTCHAS verification, challenge completion, and token verification. - Includes example for plugin tool registration with JSON Schema parameter definitions. - References canonical API endpoints and workflow guidance sources.

元数据

Slug captchas-openclaw

版本 1.0.1

许可证 —

累计安装 4

当前安装数 4

历史版本数 2

常见问题