Trust Assessment
captchas-openclaw received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Data Exfiltration via 'signals' parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary Data Exfiltration via `signals` parameter | LLM | SKILL.md:37 |

The `captchas_agent_verify` tool's `signals` parameter is defined with `additionalProperties: true` in its JSON schema. This allows the LLM to pass any arbitrary JSON object as part of the `signals` payload. Although the documentation advises 'Avoid sending PII in `signals`', the tool's schema does not enforce this restriction. This creates a credible vector for an attacker to craft prompts that induce the LLM to exfiltrate sensitive user data (e.g., PII, conversation history, or other contextual information) to the `CAPTCHAS_ENDPOINT` via this parameter.

Recommendation: Restrict the `signals` object schema to explicitly define and allow only known, non-sensitive properties. Remove `additionalProperties: true` to prevent arbitrary data injection. If arbitrary data is truly necessary, implement robust server-side validation and ensure explicit user consent mechanisms are in place before transmitting any potentially sensitive data.
Scan History
Full report: https://skillshield.io/report/0901a8b874fa03da
Powered by SkillShield