Is adinvadim/2captcha safe?

https://github.com/openclaw/skills/tree/main/skills/adinvadim/2captcha

62
CAUTION

This skill provides CAPTCHA-solving capabilities via a third-party paid service (2captcha.com). Its primary risk is a curl-pipe-execute installation pattern that downloads unaudited code from an external repository the author controls. While no active malicious behavior was detected during installation, the skill's purpose of bypassing security controls and its ability to upload arbitrary image files to third-party servers create significant abuse and data exfiltration potential.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 55/100 · 25%
Code Execution 25/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 25/100 · 5%

Findings (7)

CRITICAL Remote code execution via curl-pipe-execute from external repo -55

The skill instructs downloading and executing an unaudited script from an external GitHub repository (adinvadim/2captcha-cli) that is separate from the skill repository. The script is installed system-wide to /usr/local/bin/ with execute permissions. The remote content can change at any time without any change to the skill version, meaning a supply chain attack could be introduced silently.

HIGH Arbitrary file upload to third-party servers via image captcha solving -30

The solve-captcha image command accepts local file paths and sends their contents to 2captcha.com servers for processing. This creates a data exfiltration channel where any image file (screenshots, documents rendered as images, sensitive diagrams) can be transmitted to a third party under the guise of CAPTCHA solving.

HIGH Skill purpose is to bypass security controls -55

CAPTCHAs exist specifically to prevent automated abuse. This skill's entire purpose is circumventing these protections, explicitly listing use cases including 'account creation' and 'form submission' — common vectors for spam, fraud, and abuse at scale. An agent equipped with this skill could facilitate Terms of Service violations on any target site.

MEDIUM Skill normalizes security bypass behavior for the agent -25

By instructing the agent in CAPTCHA bypass workflows (detect, extract, solve, inject token), the skill conditions the agent to treat circumventing security controls as routine behavior. This could lower the agent's resistance to other security-bypassing requests in the same session.

MEDIUM Plaintext API key storage -15

The skill instructs users to store their 2Captcha API key in a plaintext file (~/.config/2captcha/api-key) or environment variable, with no mention of encryption or secure credential management. This API key has monetary value (linked to a paid account) and could be stolen.

LOW System-wide binary installation without verification -20

The script is installed to /usr/local/bin/, which requires elevated privileges and affects all users on the system. No checksum verification, GPG signature check, or version pinning is performed on the downloaded binary.

INFO Clean installation behavior observed -5

No malicious behavior was detected during the clone and installation phase. All network connections were to expected destinations (GitHub, Ubuntu infrastructure). No canary files were accessed.