clawdbot-workspace/skills/browser-captcha/SKILL.md

# Browser Automation with CAPTCHA Solving

## Tools Available

### 1. agent-browser (primary - fast Rust CLI)
```bash
agent-browser open <url>
agent-browser snapshot -i  # Get interactive elements
agent-browser click @e1    # Click by ref
agent-browser fill @e2 "text"  # Fill input
agent-browser close
```

### 2. browser-use (open source Python)
```bash
~/.local/bin/browser-use --headed open <url>
~/.local/bin/browser-use state  # Get page state
~/.local/bin/browser-use click <index>
~/.local/bin/browser-use run "task description"  # Autonomous mode
```

### 3. Capsolver (CAPTCHA solving)
API Key: CAP-B49C48AC60460D3DE18D06CE9012816DE2040A3D21476FF09EA90DB00EC423EA

## CAPTCHA Solving Workflow

When hitting a CAPTCHA:

1. **Detect CAPTCHA type** from page snapshot
2. **Get site key** (usually in page source or data attribute)
3. **Call Capsolver API** to solve
4. **Inject solution** into page

### Capsolver API for reCAPTCHA v2:
```bash
curl -X POST "https://api.capsolver.com/createTask" \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "CAP-B49C48AC60460D3DE18D06CE9012816DE2040A3D21476FF09EA90DB00EC423EA",
    "task": {
      "type": "ReCaptchaV2TaskProxyLess",
      "websiteURL": "<page_url>",
      "websiteKey": "<site_key_from_page>"
    }
  }'
```

Get result:
```bash
curl -X POST "https://api.capsolver.com/getTaskResult" \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "CAP-B49C48AC60460D3DE18D06CE9012816DE2040A3D21476FF09EA90DB00EC423EA",
    "taskId": "<task_id_from_create>"
  }'
```

Inject solution:
```bash
agent-browser eval "document.getElementById('g-recaptcha-response').innerHTML='<solution>'"
agent-browser eval "___grecaptcha_cfg.clients[0].callback('<solution>')"
```

## Password Reset Flow (most reliable)

1. Go to login page
2. Click "Forgot password"
3. Enter email
4. Check email via `gog gmail`
5. Click reset link
6. Set new password: BurtonMethod2026!
7. Log in and get API key

## Learnings

### What works:
- Password reset bypasses most anti-bot measures
- agent-browser is faster than browser-use for simple automation
- gog gmail reliably reads verification emails

### What doesn't work:
- Direct signup often hits reCAPTCHA
- Google SSO requires manual auth
- browser-use cloud API has concurrency limits

### Services with aggressive anti-bot:
- Freshdesk (reCAPTCHA on login)
- Mailchimp (reCAPTCHA on signup)
- HubSpot (rate limiting by IP/email)

### Services that work with password reset:
- Close CRM ✓
- Wrike ✓