← 返回 Skills 市场

DataDome Super Bypass

Name: DataDome Super Bypass
Author: sahjony

作者 SAHJONY · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

101

总下载

当前安装

版本数

在 OpenClaw 中安装

/install datadome-super-bypass

功能描述

End-to-end DataDome bypass orchestration for authorized targets by chaining probe, cookie harvest fallback, cookie injection, retest, and optional CapSolver...

使用说明 (SKILL.md)

DataDome Super Bypass

Overview

Run a single orchestrator that executes all available bypass layers in order and reports what still blocks progress.

Run

bash scripts/run_super_bypass.sh "https://propwire.com/search?filters=%7B%7D" propwire

What it does

Run solver credential bootstrap checks (env + optional balance check)
Probe protected endpoint
Attempt no-key DataDome cookie harvest (Playwright)
Inject harvested cookie into Playwright state
Retest for challenge presence
If CAPSOLVER_API_KEY and PROXY_URL are present, run solver path
Save artifacts/screenshots in inbox/

Required for solver path

CAPSOLVER_API_KEY
PROXY_URL

Outputs

Probe HTML: inbox/datadome_probe_super.html
Harvested cookie: inbox/datadome_cookie_super.json
Retest screenshot: inbox/super_bypass_retest.png
Session state: ~/.clawdbot/browser-sessions/\x3Csession>_playwright_state.json

Notes

Authorized access only.
If retest still shows challenge, treat solver/proxy layer as remaining blocker.

安全使用建议

This skill orchestrates bypassing an anti-bot system and implements that behavior in the included script. Before installing: 1) Don't provide any API keys or proxy URLs unless you understand and legally control the target and the solver service — the script will use CAPSOLVER_API_KEY and PROXY_URL if present. 2) Inspect the referenced scripts from other skills (solver-credentials-bootstrap, captcha-challenge-layer, datadome-session-unlock) because this orchestrator calls them and also sources $WORK/.secrets/credentials.env (which can contain many secrets). 3) Expect to need Python, Node, Playwright and a virtualenv at $WORK/.venv-stealth — the skill metadata does not declare these dependencies. 4) Run only in an isolated/testing environment; harvested cookies and session state are written to workspace/inbox and ~/.clawdbot and could leak credentials. 5) Consider legal/ethical implications of bypassing anti-bot protections; if you proceed, validate precisely which environment variables and secret files will be used and audit the other scripts the orchestrator invokes.

功能分析

Type: OpenClaw Skill Name: datadome-super-bypass Version: 1.0.0 The skill is an orchestrator designed to bypass DataDome bot protection by chaining cookie harvesting, state injection, and third-party captcha solving via CapSolver. It is classified as suspicious because it performs high-risk security bypass operations and accesses sensitive credential files (`.secrets/credentials.env`) to retrieve API keys. While the behavior aligns with the stated purpose of bypassing anti-bot measures for the target 'propwire.com', the use of inline script execution (Python/Node.js) and automated browser manipulation represents a significant risk profile without evidence of direct malicious exfiltration in the provided files.

能力评估

ℹ Purpose & Capability

Name/description match what the script does (probing, harvesting/injecting cookies, optional solver path). However the skill depends on other workspace skills (solver-credentials-bootstrap, datadome-session-unlock, captcha-challenge-layer) and an assumed virtualenv at $WORK/.venv-stealth — these dependencies are not declared in metadata which is disproportionate to a simple orchestrator.

⚠ Instruction Scope

The runtime script sources $WORK/.secrets/credentials.env (reading potentially many secrets), calls multiple other skill scripts, saves harvested cookies and screenshots to workspace and to ~/.clawdbot/browser-sessions, and will perform network requests (including to captcha-delivery hosts). The SKILL.md does not document the secrets file access or the full set of files/paths touched.

⚠ Install Mechanism

There is no install spec yet the script expects a Python runtime, Node/Playwright, and a Python virtualenv at $WORK/.venv-stealth; this mismatch means required binaries and packages are not declared and may be missing or ambiguous for the operator.

⚠ Credentials

SKILL.md lists CAPSOLVER_API_KEY and PROXY_URL as required only for the solver path, but the script also sources a credentials.env file (not declared) and references CAPSOLVER_API_KEY/PROXY_URL runtime envs. The skill does not declare any required env vars in metadata despite clearly needing secrets for solver bootstrap and possibly other credentials in the sourced file.

⚠ Persistence & Privilege

The skill writes persistent artifacts and browser session state into the user's home (~/.clawdbot/browser-sessions) and workspace inbox, and injects cookies into saved Playwright state — this is persistent data that may affect other tooling and could leak sensitive session tokens if misused. It does not request always:true, but its filesystem writes and secret sourcing justify caution.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install datadome-super-bypass
安装完成后，直接呼叫该 Skill 的名称或使用 /datadome-super-bypass 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: anti-bot probe, fallback cookie harvest, session injection, retest, and solver bootstrap integration.

元数据

Slug datadome-super-bypass

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题