首页龙虾技能列表 › FlareSolverr — Cloudflare Bypass — 技能工具

🛡️ FlareSolverr — Cloudflare Bypass — 技能工具

v1.0.0

Bypass Cloudflare protection by routing requests through FlareSolverr’s browser API, handling challenges and returning page content, cookies, and headers.

2· 919·6 当前·6 累计
by @dolverin (Dolverin)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/12
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
安全
high confidence
The skill's requirements and instructions are consistent with its stated purpose (using a FlareSolverr service to solve Cloudflare challenges); no unexplained privileges or unrelated credentials are requested.
评估建议
This skill appears coherent for running and using a FlareSolverr HTTP API. Before installing: prefer running FlareSolverr yourself (the SKILL.md suggests the ghcr.io Docker image) so requests and solved pages stay on your host; do not set FLARESOLVERR_URL to an untrusted public endpoint (that service will see all target URLs, page content, and cookies); consider legal/terms-of-service implications of bypassing protections and respect rate limits; and keep curl/jq available on the agent environme...
详细分析 ▾
用途与能力
Name, description, declared binaries (curl, jq), and required env var (FLARESOLVERR_URL) align with using an external FlareSolverr HTTP API. The SKILL.md only documents calling that API and managing sessions/cookies, which is expected for this purpose.
指令范围
Instructions stay within the skill's scope: run FlareSolverr (Docker), set FLARESOLVERR_URL, and POST JSON requests to /v1. The skill makes and extracts page content, cookies, headers and supports proxies/sessions — all reasonable for a bypass/scraping helper. Note: because the skill returns full page content and cookies, using a remote/untrusted FLARESOLVERR_URL would expose requested URLs and page data to that host (privacy/exfiltration risk).
安装机制
Instruction-only skill (no install spec or code). SKILL.md advises running the official ghcr.io/flaresolverr image via docker run — a standard, expected approach and not an arbitrary download URL from an unknown server.
凭证需求
Only FLARESOLVERR_URL is required and declared as the primaryEnv, which is proportional. Caution: that single env var controls the service endpoint — pointing it to an untrusted third-party service could leak all requested URLs, page contents, and cookies to that remote operator.
持久化与权限
always:false and no install or persistent configuration changes are requested. The skill does not ask to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/14

Initial release: Cloudflare bypass via FlareSolverr proxy. ENV-based config, session management, GET/POST, proxy support, error handling.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install flaresolverr
镜像加速npx clawhub@latest install flaresolverr --registry https://cn.clawhub-mirror.com

技能文档

Use FlareSolverr to bypass Cloudflare protection when direct curl requests fail with 403 or Cloudflare challenge pages.

Setup

  • Run FlareSolverr (Docker recommended):
docker run -d --name flaresolverr -p 8191:8191 ghcr.io/flaresolverr/flaresolverr:latest
  • Set the environment variable:
export FLARESOLVERR_URL="http://localhost:8191"
  • Verify:
curl -s "$FLARESOLVERR_URL/health" | jq '.'
# Expected: {"status":"ok","version":"3.x.x"}

When to Use

  • Direct curl fails with 403 Forbidden
  • Cloudflare challenge page appears (JS challenge, captcha, "Checking your browser")
  • Bot detection blocks automated requests
  • Rate limiting or anti-scraping measures

Workflow

  • Try direct curl first (it's faster and simpler)
  • If blocked: Use FlareSolverr to get cookies/user-agent
  • Reuse session for subsequent requests (optional, for performance)

Basic Usage

Simple GET Request

curl -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/protected-page",
    "maxTimeout": 60000
  }' | jq '.'

Response Structure

{
  "status": "ok",
  "message": "Challenge solved!",
  "solution": {
    "url": "https://example.com/protected-page",
    "status": 200,
    "headers": {},
    "response": "...",
    "cookies": [
      {
        "name": "cf_clearance",
        "value": "...",
        "domain": ".example.com"
      }
    ],
    "userAgent": "Mozilla/5.0 ..."
  },
  "startTimestamp": 1234567890,
  "endTimestamp": 1234567895,
  "version": "3.3.2"
}

Extract Page Content

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/protected-page"
  }' | jq -r '.solution.response'

Extract Cookies

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com"
  }' | jq -r '.solution.cookies[] | "\(.name)=\(.value)"'

Session Management

Sessions allow reusing browser context (cookies, user-agent) for multiple requests, improving performance.

Create Session

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "sessions.create"}' | jq -r '.session'

Use Session for Request

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/page1",
    "session": "SESSION_ID"
  }' | jq -r '.solution.response'

List Active Sessions

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "sessions.list"}' | jq '.sessions'

Destroy Session

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "sessions.destroy",
    "session": "SESSION_ID"
  }'

POST Requests

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.post",
    "url": "https://example.com/api/endpoint",
    "postData": "key1=value1&key2=value2",
    "maxTimeout": 60000
  }' | jq '.'

For JSON POST data:

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.post",
    "url": "https://example.com/api/endpoint",
    "postData": "{\"key\":\"value\"}",
    "headers": {
      "Content-Type": "application/json"
    }
  }' | jq '.'

Advanced Options

Custom User-Agent

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
  }' | jq '.'

Custom Headers

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com",
    "headers": {
      "Accept-Language": "en-US,en;q=0.9",
      "Referer": "https://google.com"
    }
  }' | jq '.'

Proxy Support

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com",
    "proxy": {
      "url": "http://proxy.example.com:8080"
    }
  }' | jq '.'

Download Binary Content

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/file.pdf",
    "download": true
  }' | jq -r '.solution.response' | base64 -d > file.pdf

Error Handling

Common Errors

  • "status": "error": Request failed (check message field)
  • "status": "timeout": maxTimeout exceeded (increase timeout)
  • "status": "captcha": Manual captcha required (rare, usually auto-solved)

Check Status

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "request.get", "url": "https://example.com"}' | \
  jq -r '.status'

Example Workflow

Bypass Cloudflare and Extract Data

# Step 1: Fetch page through FlareSolverr
RESPONSE=$(curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/protected-page"
  }')
# Step 2: Check if successful
STATUS=$(echo "$RESPONSE" | jq -r '.status')
if [ "$STATUS" != "ok" ]; then
  echo "Failed: $(echo "$RESPONSE" | jq -r '.message')"
  exit 1
fi
# Step 3: Extract and parse HTML
echo "$RESPONSE" | jq -r '.solution.response'

Multi-Page Session

# Create session
SESSION=$(curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "sessions.create"}' | jq -r '.session')
# Page 1
curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d "{\"cmd\": \"request.get\", \"url\": \"https://example.com/page1\", \"session\": \"$SESSION\"}" | \
  jq -r '.solution.response'
# Page 2 (reuses cookies from page 1)
curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d "{\"cmd\": \"request.get\", \"url\": \"https://example.com/page2\", \"session\": \"$SESSION\"}" | \
  jq -r '.solution.response'
# Cleanup
curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d "{\"cmd\": \"sessions.destroy\", \"session\": \"$SESSION\"}"

Health Check

curl -s "$FLARESOLVERR_URL/health" | jq '.'

Performance Tips

  • Use sessions for multiple requests to same domain (reuses cookies/context)
  • Increase maxTimeout for slow sites (default: 60000ms)
  • Fallback to direct curl when possible (FlareSolverr is slower due to browser overhead)
  • Destroy sessions when done to free resources

Limitations

  • Slower than direct curl (launches headless browser)
  • Resource intensive (limit concurrent requests)
  • May not solve all captchas (most Cloudflare challenges work)
  • HTML only in response (no client-side JS execution after fetch)

Best Practices

  • Always try direct curl first
  • Use sessions for multi-page workflows
  • Set appropriate maxTimeout (default 60s, increase for slow sites)
  • Clean up sessions when done
  • Handle errors gracefully (check status field)
  • Rate limit your requests (don't overwhelm FlareSolverr or target site)
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务