
This skill helps you diagnose and bypass bot blocks with residential proxies, captcha solving, and stealth browsing to maintain access.

npx playbooks add skill openclaw/skills --skill stealth

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: stealth
description: >
  Anti-bot detection toolkit for AI agents. Diagnoses why your agent is getting
  blocked and fixes it. Use when: agent hits 403/429 errors, encounters CAPTCHAs
  (hCaptcha, reCAPTCHA, Cloudflare Turnstile), gets detected as a bot, receives
  fake/empty data from websites, encounters Cloudflare challenges, needs to bypass
  IP blocks, or is running on a datacenter/cloud IP. Covers: residential proxy setup,
  CAPTCHA solver configuration, stealth browser fingerprinting. For web scraping,
  browser automation, form filling, and any task where bot detection is a problem.
---

# Stealth — Anti-Bot Detection for AI Agents

Three layers, applied in order. Most blocks are solved at Layer 1.

## Quick Diagnostic

Run this first to understand the problem:

```bash
curl -s https://ipinfo.io/json | python3 -c "
import sys, json
d = json.load(sys.stdin)
org = d.get('org', '')
# Use the privacy.hosting flag when the response includes a privacy object
h = d.get('privacy', {}).get('hosting') if 'privacy' in d else None
# Otherwise fall back to a substring heuristic on the org name; it can
# misclassify an ISP whose name contains one of these keywords
dc = h or any(x in org.lower() for x in ['digital','amazon','google','microsoft','azure','linode','vultr','hetzner','ovh','cloud'])
print(f'IP: {d[\"ip\"]} | Org: {org} | Datacenter: {dc}')
if dc: print('⚠️  Datacenter IP detected → Layer 1 (proxy) required')
else: print('✅ Residential IP — skip to Layer 2 or 3 if still blocked')
"
```

### Block type reference

| Symptom | Cause | Layer |
|---------|-------|-------|
| 403 Forbidden | IP/bot block | 1 |
| 429 Too Many Requests | Rate limit | 1 |
| Cloudflare challenge | Bot detection | 1 + 3 |
| CAPTCHA appears | Verification gate | 2 |
| 200 but wrong content | Honeypot/fake data | 3 |
| Redirect loop | Cookie/session detection | 3 |

## Layer 1: Residential Proxy

**The #1 fix.** Datacenter IPs are flagged instantly by Cloudflare, Akamai, PerimeterX, and most anti-bot systems. A residential proxy routes traffic through real ISP connections.

See `references/proxy-setup.md` for provider comparison and setup instructions.

**Quick test after setup:**
```bash
curl -x http://USER:PASS@HOST:PORT -s https://ipinfo.io/json | python3 -c "
import sys,json;d=json.load(sys.stdin)
print(f'Proxy IP: {d[\"ip\"]} | Org: {d.get(\"org\")}')
"
```
Org should show an ISP (Comcast, Verizon, AT&T), not a cloud provider.

## Layer 2: CAPTCHA Solving

**Never attempt CAPTCHAs yourself.** You will fail, burn tokens, and trigger escalated challenges. Always use a solver service.

**Critical routing rule:** 2Captcha dropped hCaptcha support entirely in late 2025. Use CapSolver for hCaptcha.

| CAPTCHA type | Provider |
|-------------|----------|
| hCaptcha | CapSolver only |
| reCAPTCHA v2/v3 | 2Captcha or CapSolver |
| Cloudflare Turnstile | Either |
| Image/text | 2Captcha |

See `references/captcha-setup.md` for provider setup, API integration code, and token injection.

## Layer 3: Stealth Browser

**When proxy alone isn't enough.** Sites fingerprint headless browsers via navigator properties, WebGL, Canvas, and automation flags.

See `references/browser-stealth.md` for Playwright stealth config, header templates, and anti-fingerprinting.

## Troubleshooting

| Problem | Fix |
|---------|-----|
| Blocked after proxy | Verify IP is residential via `ipinfo.io`. Cheap providers resell datacenter IPs. |
| CAPTCHA solver error | Wrong provider for captcha type? 2Captcha cannot solve hCaptcha. |
| Site serves fake data | Add stealth browser config (Layer 3). |
| Slow responses | Try proxy server closer to target site's region. |
| Blocked after many requests | Enable IP rotation in proxy dashboard. |

Overview

This skill is an anti-bot detection toolkit for AI agents that diagnoses why your agent is being blocked and provides concrete fixes. It focuses on a three-step remediation path: residential proxies, CAPTCHA solving, and stealth browser fingerprinting. Use it to recover from 403/429 errors, CAPTCHAs, Cloudflare challenges, and fake/empty responses from sites.

How this skill works

The skill first inspects your environment and request symptoms to identify the block type (IP block, rate limit, CAPTCHA, fingerprinting). It guides you to configure a residential proxy, integrate a CAPTCHA solver matched to the CAPTCHA type, and apply browser-level stealth settings (Playwright or similar). It includes verification tests, example commands/snippets, and troubleshooting checks to confirm each layer is working.

When to use it

  • Agent receives 403 Forbidden or 429 Too Many Requests
  • CAPTCHAs appear (hCaptcha, reCAPTCHA, Turnstile)
  • Site returns empty, fake, or honeypot content
  • Running from a datacenter/cloud IP and getting blocked
  • Facing Cloudflare/Akamai fingerprint/challenge pages

Best practices

  • Diagnose first: confirm IP hosting info and exact symptom before changing configuration
  • Fix in order: Proxy → CAPTCHA → Stealth Browser — most issues resolve at proxy layer
  • Use a solver service appropriate to the CAPTCHA type (e.g., CapSolver for hCaptcha, 2Captcha for reCAPTCHA/image)
  • Store credentials securely (file permissions, environment variables) and test proxy IP via ipinfo.io to confirm residential status
  • Emulate human behavior: randomized delays, realistic headers, mouse movement, and scrolling

Example use cases

  • Scraping user-facing pages that serve different content to bots vs humans
  • Automating form submissions on sites protected by CAPTCHAs or Cloudflare Turnstile
  • Browser automation for price monitoring on sites with anti-bot defenses
  • Recovering an agent deployed on cloud/VPS that suddenly started returning 403/429 responses
  • Setting up a resilient scraping pipeline with proxy rotation, CAPTCHA handling, and stealth browser tweaks

FAQ

How do I know if my IP is the problem?

Run an IP check against ipinfo.io; if org/hosting fields indicate a datacenter or hosting provider, a residential proxy is required.

Which CAPTCHA solver should I pick?

Match solver to CAPTCHA type: use CapSolver for hCaptcha, 2Captcha for reCAPTCHA and image/text CAPTCHAs; wrong provider often fails silently.

Will stealth browser settings always bypass fingerprinting?

Not always. Stealth reduces detectable signals, but advanced fingerprinting may still flag you; combine residential proxies, realistic headers, and human-like behavior, or use higher-grade browsers like Camoufox if needed.