registry  /  captchakraken  /  2.2.0

captchakraken@2.2.0

Browser-agnostic Playwright/Puppeteer captcha solver. Detects the captcha, reads the grid with a fine-tuned Qwen3.5-9B vision model on vLLM, and clicks through to a token.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation mutates only the package-local Python environment. When a caller invokes the solver, it automates CAPTCHA interaction, can start a local vLLM service, and uploads the CAPTCHA image to the configured inference endpoint; no covert exfiltration chain was found.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` for bootstrap; explicit runtime construction/use of `CaptchaKrakenSolver.solve()` for browser automation and inference.
Impact
Enables CAPTCHA-bypass automation and can disclose solved-page CAPTCHA images plus the configured bearer credential to the selected inference service.
Mechanism
CAPTCHA-solving browser automation backed by a bundled Python/vLLM client.
Rationale
Source inspection confirms a real dangerous dual-use CAPTCHA-solving capability and install-time environment mutation. The behavior is package-aligned and lacks a concrete covert-malware chain, so warn rather than block.
Evidence
package.jsonscripts/setup-python.jsdist/index.jsdist/solver.jspython/src/captchakraken/config.pypython/src/captchakraken/planner.pypython/src/captchakraken/server_manager.pypython/.venvpython/pyproject.toml
Network endpoints1
localhost:8000/v1/chat/completions

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `scripts/setup-python.js` on `postinstall`.
  • Postinstall creates `python/.venv`, upgrades pip tooling, and installs the bundled Python project.
  • `python/src/captchakraken/planner.py` sends captcha-image data and a bearer token to the configured vLLM endpoint.
  • `python/src/captchakraken/server_manager.py` auto-starts a detached local vLLM process and persists PID/lock/log state.
  • `dist/solver.js` automates browser CAPTCHA interaction and invokes the bundled CLI.
Evidence against
  • No source reads arbitrary credentials, shell profiles, or broad user files.
  • No covert fixed remote host, payload download, eval/vm loader, or AI-agent configuration mutation was found.
  • Remote inference is explicitly configured through `VLLM_BASE_URL`; the default endpoint is localhost.
  • Import entrypoint `dist/index.js` only exports solver and adapter APIs.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystem
Supply chain
HighEntropyStrings
Manifest
CopyleftLicense
scanned 8 file(s), 110 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/setup-python.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
python/examples/_harness.pyView file
path = python/examples/_harness.py kind = build_helper sizeBytes = 6632 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

python/examples/_harness.pyView on unpkg

Findings

1 High3 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumEnvironment Vars
MediumShips Build Helperpython/examples/_harness.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowCopyleft License