ANTI NK CAPTCHA

Verify users are not DPRK operatives by asking them to speak anti-regime phrases out loud.

North Korean hackers increasingly infiltrate companies through fake job applications. After $2.3B stolen by Lazarus Group, we need better verification than "enter password." NK CAPTCHA provides a simple but effective solution: ask the candidate to criticize the Kim regime on record. A genuine North Korean operative cannot comply without risking execution.

Screenshots

Table of Contents

• Quick Start
• React Component (npm)
• Embed in Any Website
• OpenClaw Plugin
• Voice Verification with Whisper
• Discord Usage
• Challenge Phrases
• API Reference
• Architecture
• Why It Works

Quick Start

Open demo/index.html in any browser — zero dependencies, no build step:

git clone https://github.com/sigridjineth/claw-nk-captcha.git
open claw-nk-captcha/demo/index.html

React Component

Voice-recording focused React component. Users must record themselves saying the anti-regime phrase — no typing.

Install

npm install nk-captcha-react

Usage

import NkCaptcha from 'nk-captcha-react';

function App() {
  return (
    <NkCaptcha
      locale="both"
      timeout={60}
      theme="dark"
      onVerify={(result) => {
        if (result.pass) {
          console.log('Verified!', result.code);
          console.log('They said:', result.transcript);
          console.log('Match:', Math.round(result.similarity * 100) + '%');
          // result.audioBlob has the recording for server-side verification
        } else {
          console.log('FAILED — potential DPRK operative');
        }
      }}
    />
  );
}

Props

Result Object

interface NkCaptchaResult {
  pass: boolean;           // true if verified
  challengeId: string;     // which phrase was used
  transcript: string;      // what the user said (via Web Speech API)
  similarity: number;      // 0-1 match score
  code: string | null;     // verification code (e.g. "NKCAP-M3X7K-A9B2C")
  audioBlob: Blob | null;  // raw recording for server-side re-verification
  durationMs: number;      // recording length in ms
}

How the React Component Works

1. User clicks RECORD — browser requests microphone access
2. Challenge phrase is displayed in Korean + English (e.g. "Kim Jong-un is a fat pink pig")
3. User speaks the phrase out loud
4. Web Speech API transcribes in real-time, showing "HEARD: ..." with live match %
5. User clicks STOP then VERIFY
6. Transcript is compared to challenge phrase via Levenshtein similarity (50%+ to pass)
7. Result fires via onVerify callback

Note: Web Speech API requires HTTPS in production. Works on localhost for development.

Embed in Any Website

Self-contained Web Component — drop one script tag into any HTML page:

<script src="https://cdn.jsdelivr.net/gh/sigridjineth/claw-nk-captcha@main/dist/nk-captcha.js"></script>
<nk-captcha></nk-captcha>

With Callback

<nk-captcha on-verify="handleResult" theme="dark"></nk-captcha>
<script>
  function handleResult(result) {
    if (result.pass) {
      document.getElementById('protected-content').style.display = 'block';
    }
  }
</script>

Attributes

Also fires nk-captcha-verified CustomEvent:

document.querySelector('nk-captcha')
  .addEventListener('nk-captcha-verified', (e) => {
    console.log(e.detail); // {pass, challengeId, similarity, code}
  });

See demo/embed.html for a working example with both dark and light themes.

OpenClaw Plugin

Install as an OpenClaw gateway plugin to use with Discord, Mattermost, Slack, or any connected channel.

Install

# From ClawHub (recommended)
openclaw plugins install clawhub:openclaw-nk-captcha
openclaw gateway restart

# From GitHub
git clone https://github.com/sigridjineth/claw-nk-captcha.git
openclaw plugins install ./claw-nk-captcha
openclaw gateway restart

Configuration

Add to your OpenClaw config (~/.openclaw/openclaw.json):

{
  plugins: {
    entries: {
      "nk-captcha": {
        enabled: true,
        config: {
          locale: "both",
          timeoutSeconds: 60,
          challengeCount: 1,
          enableMediaRecording: true,
          minRecordingDurationMs: 1500,

          // Required for voice verification via uploaded audio files
          sttApiKey: "sk-your-openai-api-key",
          sttEndpoint: "https://api.openai.com/v1/audio/transcriptions",
          sttModel: "whisper-1"
        }
      }
    }
  }
}

Configuration Reference

Voice Verification with Whisper

NK CAPTCHA supports three levels of voice verification:

Level 1: Browser-Side (No API Key Needed)

The web UI and React component use the browser's Web Speech API for real-time transcription. Works immediately, no configuration needed. Limited to browsers that support SpeechRecognition (Chrome, Edge).

Level 2: Server-Side via OpenAI Whisper (Recommended)

For verifying uploaded audio files (Discord voice messages, etc.), you need an OpenAI API key with Whisper access:

1. Get an API key from https://platform.openai.com/api-keys
2. Set sttApiKey in plugin config:

{
  "nk-captcha": {
    config: {
      sttApiKey: "sk-proj-your-key-here"
    }
  }
}

3. When a user uploads an audio file, the plugin:
   • Downloads the file
   • Sends to Whisper API for transcription
   • Compares transcript to challenge phrase (90%+ Levenshtein similarity)
   • Returns PASS/FAIL

Cost: ~$0.006 per minute of audio (Whisper pricing).

Level 3: Local Whisper (Self-Hosted, Free)

For GPU servers (e.g. NVIDIA DGX), run Whisper locally:

# Example with faster-whisper
pip install faster-whisper
# Start a Whisper API server on port 8080

Then configure:

{
  sttEndpoint: "http://localhost:8080/v1/audio/transcriptions",
  sttApiKey: "local",
  sttModel: "large-v3"
}

Verification Levels Summary

Discord Usage

Once installed on an OpenClaw gateway connected to Discord:

New Member Verification

📥 @new-hire joined the server

🤖 Bot:  Welcome! Before you can access this server, you must
         complete NK CAPTCHA verification.

         Your challenge phrase:
         ┌─────────────────────────────────────────┐
         │  🇰🇷  김정은은 뚱뚱한 분홍 돼지다             │
         │  🇺🇸  Kim Jong-un is a fat pink pig        │
         └─────────────────────────────────────────┘

         🎙️ Upload a voice recording of yourself saying it

Voice Verification (Pass)

👤 new-hire:  [📎 voice-message.ogg]

🤖 Bot:  🎧 Analyzing your recording...
         Transcript: "김정은은 뚱뚱한 분홍 돼지다"
         ✅ VERIFIED (95% match via Whisper STT)
         You are NOT a DPRK operative.
         Role "Verified" granted!

Failure

👤 suspect:  [📎 silence.ogg]

🤖 Bot:  🚫 VERIFICATION FAILED
         Speech does not match challenge phrase (12% similarity).
         POTENTIAL DPRK OPERATIVE detected.
         Access denied.

How It Works Under the Hood

User joins → AI calls nk_captcha_challenge → random phrase
                              ↓
         ┌────────────────────┴────────────────────┐
         │                                         │
    User types text                      User uploads audio
         │                                         │
  nk_captcha_verify                  nk_captcha_verify_audio_url
  (Levenshtein 90%+)         (download → Whisper → Levenshtein 90%+)
         │                                         │
         └────────────────────┬────────────────────┘
                              ↓
                   PASS → grant access
                   FAIL → flag user

No separate Discord bot needed — the OpenClaw AI agent handles everything.

Challenge Phrases

18 bilingual phrases across 4 categories:

API Reference

OpenClaw Tools (7 total)

HTTP Route

GET /nk-captcha — serves the full interactive verification page through OpenClaw gateway.

nk_captcha_verify_audio_url (most important for Discord)

{
  "challengeId": "pink-pig-1",
  "audioUrl": "https://cdn.discordapp.com/attachments/.../voice-message.ogg"
}

Requires sttApiKey in plugin config. Downloads audio, transcribes via Whisper, compares against challenge phrase. Returns:

{
  "status": "VERIFIED",
  "transcript": "김정은은 뚱뚱한 분홍 돼지다",
  "similarity": 0.95,
  "sttSource": "whisper"
}

Architecture

claw-nk-captcha/
├── package.json              # OpenClaw plugin metadata
├── openclaw.plugin.json      # Plugin manifest + config schema
├── index.ts                  # Plugin entry — 7 tools + HTTP route + Whisper STT
├── src/
│   ├── challenges.ts         # 18 bilingual challenge phrases + Levenshtein verification
│   └── captcha-ui.ts         # Full HTML/CSS/JS captcha page (Web Speech API + MediaRecorder)
├── react/
│   ├── package.json          # npm: nk-captcha-react
│   ├── index.js              # React voice recording component
│   └── index.d.ts            # TypeScript types
├── dist/
│   └── nk-captcha.js         # Embeddable Web Component (<nk-captcha>)
├── demo/
│   ├── index.html            # Full-featured demo (text + voice)
│   └── embed.html            # Web Component embed demo
└── assets/
    └── screenshot-*.png      # Documentation screenshots

Why It Works

A North Korean operative — even one fluent in English or Korean — cannot speak these phrases on camera/microphone without risking severe consequences:

1. Surveillance: NK operatives operate under constant monitoring by their handlers
2. Recording evidence: A voice recording criticizing the Supreme Leader is permanent, undeniable proof of disloyalty
3. Death penalty: Criticizing Kim Jong-un carries execution as punishment in the DPRK — for the operative and their family
4. Psychological conditioning: Decades of indoctrination make it psychologically impossible to say "Kim Jong-un is a fat pink pig" even under deep cover

This makes NK CAPTCHA simple to implement but nearly impossible for a genuine DPRK operative to bypass.

License

MIT