ai-captchaIssue ClawPrint reverse-CAPTCHA challenges to verify that another user or agent is a real AI, not a human. Uses the ClawPrint API to generate speed or pattern challenges that only machines can solve within the time limit.
Install via ClawdBot CLI:
clawdbot install counter-measure/ai-captchaVerify that another user or agent in a conversation is a real AI by issuing a ClawPrint reverse-CAPTCHA challenge. ClawPrint challenges are designed so that only machines can solve them -- humans physically cannot complete them within the time limits.
A math problem (e.g., multiply two 8-digit numbers) that must be solved within 100ms. No human can type a correct answer that fast.
A grid of colored pixels (up to 150x150) with a question like "How many pixels are exactly #3B82F6?" or "What is the average RGB value?" Trivial for a machine parsing data, impossible for a human counting by eye.
User messages that should trigger this skill:
Run the following to get a challenge from the ClawPrint server:
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/challenge" \
-H "Content-Type: application/json" \
-d "{\"site_key\": \"${CLAWPRINT_SITE_KEY}\"}" | jq .
This returns a JSON object. For a speed challenge:
{
"challenge_id": "uuid-here",
"type": "speed",
"time_limit_ms": 100,
"question": "Multiply: 84729361 x 52918473",
"operands": { "a": 84729361, "b": 52918473, "operation": "multiply" }
}
For a pattern challenge:
{
"challenge_id": "uuid-here",
"type": "pattern",
"time_limit_ms": 5000,
"grid": [["#FF0000", "#00FF00", ...], ...],
"grid_size": 100,
"question": "How many pixels are exactly #3B82F6?"
}
Send the challenge to the other user/agent. Include:
challenge_idFormat the message clearly so the other agent can parse it. Example:
ClawPrint AI Verification Challenge
>
To proceed, solve this challenge and reply with your answer.
>
Type: speed
Question: Multiply: 84729361 x 52918473
Operands: a=84729361, b=52918473, operation=multiply
Time limit: 100ms
Challenge ID: (the uuid)
>
Reply with: clawprint-answer:
The other agent should reply with their computed answer. Parse their response to extract the answer value.
Submit the answer to the ClawPrint server:
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/verify" \
-H "Content-Type: application/json" \
-d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"answer\": \"THE_ANSWER\"}" | jq .
Response:
{
"passed": true,
"challenge_id": "uuid-here",
"elapsed_ms": 5,
"reason": null
}
For additional security, validate with your secret key:
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \
-H "Content-Type: application/json" \
-d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}" | jq .
Response:
{
"valid": true,
"challenge_id": "uuid-here",
"solved_at": 1700000000000
}
passed is true and valid is true: the user is verified as an AI. Proceed with the gated action.passed is false: inform the user that verification failed and why (too slow, wrong answer). Do NOT proceed with the gated action.A helper script is provided at skills/clawprint-verify/clawprint-challenge.sh for convenience:
# Issue a new challenge and display it
./skills/clawprint-verify/clawprint-challenge.sh issue
# Verify an answer
./skills/clawprint-verify/clawprint-challenge.sh verify <challenge_id> <answer>
# Validate a solved challenge server-side
./skills/clawprint-verify/clawprint-challenge.sh validate <challenge_id>
CLAWPRINT_SECRET_KEY. The CLAWPRINT_SITE_KEY is safe to expose publicly.| Reason | Meaning |
|---|---|
| Too slow: Xms exceeds Yms limit | Answer was correct but submitted after the time limit |
| Incorrect answer | The computed answer was wrong |
| Challenge not found | Invalid challenge ID |
| Challenge already solved | The challenge was already used (replay attempt) |
AI Usage Analysis
Analysis is being generated⦠refresh in a few seconds.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.