MiniMax Vision Captcha — 技能工具
v1.0.0使用MiniMax视觉模型识别图片中的验证码、滑块位置、文字内容等。适用于需要AI视觉分析的场景,如微信验证码识别、网页截图分析、图片文字提取。当需要识别图片内容、分析验证码、提取截图信息时使用此技能。
0· 1,003·1 当前·2 累计
by 安全扫描
OpenClaw
可疑
medium confidenceSkill functionality aligns with its description, but there are security and transparency concerns (unsanitized shell invocation, implicit credentials/config expectations, and automatic local file access) that the user should review before installing.
评估建议
This skill appears to do what it claims (solve captchas using a MiniMax visual service) but you should be cautious before installing: 1) The included script runs a shell command via execSync with prompt and image path interpolated verbatim — this is vulnerable to command injection if those values include malicious characters. Prefer a version that calls mcporter with an argument array (spawn/execFile) or properly escapes inputs. 2) The script will read the latest PNG from /root/.openclaw/media/b...详细分析 ▾
✓ 用途与能力
Name/description, SKILL.md, and the included script all consistently implement an image/captcha recognition helper that calls a MiniMax visual MCP via mcporter and uses OpenClaw browser screenshots. The files and commands requested are coherent with the stated purpose.
⚠ 指令范围
Runtime instructions tell the agent to take screenshots and call mcporter.minimax-coding-plan.understand_image — that matches purpose. However the included script will automatically look in /root/.openclaw/media/browser for screenshots if none provided (accessing local user/root files), and it constructs a shell command by interpolating user-supplied prompt and imagePath directly into a single string passed to execSync. That creates a command-injection risk and means the skill can read and submit arbitrary local images to the MCP.
✓ 安装机制
No install spec or remote downloads — the skill is instruction-only with a small local Node script. Nothing is fetched from arbitrary URLs during install, which lowers supply-chain risk.
ℹ 凭证需求
The skill declares no environment variables or credentials, but SKILL.md says 'ensure MiniMax MCP is configured' and the script uses mcporter. Credentials/config required to call the MCP are not documented in requires.env or marketplace.json — an omission that reduces transparency. No unrelated credentials are requested.
✓ 持久化与权限
Skill is user-invocable, not always:true, and does not request elevated or persistent platform privileges nor modify other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/2
首次发布
● 可疑
安装命令 点击复制
官方npx clawhub@latest install minimax-vision-captcha
镜像加速npx clawhub@latest install minimax-vision-captcha --registry https://cn.clawhub-mirror.com
技能文档
使用MiniMax MCP的视觉理解能力识别图片中的内容,解决验证码、滑块分析等问题。
快速开始
1. 截图
使用OpenClaw浏览器截图:
browser action=screenshot targetId=<页面ID>
或使用OpenClaw的snapshot获取页面结构后分析。
2. 调用MiniMax视觉识别
mcporter call minimax-coding-plan.understand_image prompt="描述图片内容" image_source="/path/to/screenshot.png"
3. 分析结果
根据返回结果进行下一步操作。
典型使用场景
场景1:微信滑块验证码
- 访问微信页面,触发验证码
- 截图:
browser action=screenshot - 发送给视觉模型分析
- 获取滑块位置描述
场景2:图片文字识别
- 截图或获取图片路径
- 调用视觉模型识别文字
- 返回文字内容
场景3:网页元素分析
- 使用snapshot获取页面结构
- 分析特定元素的可见内容和属性
注意事项
- 确保MiniMax MCP已配置
- 图片路径需要是服务器可访问的绝对路径
- 滑块验证码需要描述缺口位置(左侧/右侧/距离)
依赖
- minimax-coding-plan MCP
- OpenClaw浏览器工具
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制