Is 0xclanky/captcha-relay safe?

https://github.com/openclaw/skills/tree/main/skills/0xclanky/captcha-relay

91
SAFE

This skill provides legitimate CAPTCHA solving functionality with two modes: screenshot-based and token relay. The code appears clean with no malicious content, though it involves network tunneling and browser automation capabilities that could theoretically be misused.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

LOW Executable Node.js Scripts -10

The skill includes executable JavaScript files that run HTTP servers and interact with browser automation APIs via Chrome DevTools Protocol. This is expected functionality for CAPTCHA solving but represents code execution.

MEDIUM Network Tunneling Capability -15

The skill can create public network tunnels via localtunnel or cloudflared to expose local servers externally. While this is documented functionality for the relay mode, it could theoretically be misused for unauthorized access.

LOW Browser Automation Potential for Misuse -20

The skill uses Chrome DevTools Protocol for browser automation and CAPTCHA solving, which could potentially be misused for web scraping or circumventing security measures, though legitimate use cases exist.