Tencent CAPTCHA MCP. Verify User Tickets and Score Bot Risk Instantly
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Tencent CAPTCHA / 腾讯云防水墙 connects your AI agent to China's dominant anti-fraud and bot protection service. It lets you check application security setup, verify user-submitted CAPTCHA tickets (like slide or random string), and get a detailed 'EvilLevel' score.
This score tells you immediately if the user is likely human or a malicious bot.
What your AI agents can do
Get captcha app info
Retrieves your Tencent CAPTCHA application's current configuration and operational status.
Verify captcha
Checks a specific CAPTCHA ticket using its associated random string and returns the validation result plus an EvilLevel score.
Retrieves your current Tencent CAPTCHA application ID and API configuration status.
Verifies a user's submitted CAPTCHA ticket and random string, returning the validation result and an 'EvilLevel' score.
Interprets the provided 'EvilLevel' numeric value to classify interaction risk—low-risk human vs. high-risk bot activity.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Tencent CAPTCHA MCP Server: 2 Tools for Bot Prevention
These two tools let you audit the security setup and verify user-submitted CAPTCHA tickets to determine if the interaction is low-risk human traffic or high-risk bot activity.
019d8489get captcha app info
Retrieves your Tencent CAPTCHA application's current configuration and operational status.
019d8489verify captcha
Checks a specific CAPTCHA ticket using its associated random string and returns the validation result plus an EvilLevel score.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Tencent CAPTCHA / 腾讯云防水墙, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Your agent connects directly to Tencent CAPTCHA, giving you access to China’s primary anti-fraud and bot protection system. You won't ever have to deal with the actual cloud console; your agent handles all that messy security diagnostics in natural conversation flow.
To start, get_captcha_app_info pulls up your application setup details. It retrieves crucial info like your unique CaptchaAppId and confirms the operational status of the API configuration for your specific service. This tells you right away if your security integration is properly set up to go.
When a user submits credentials, verify_captcha takes over. Your agent passes two things: the user's submitted CAPTCHA ticket and the associated random string. The tool checks that combination against Tencent’s massive fraud database, returning two key pieces of data—the raw validation result and an 'EvilLevel' score.
The 'EvilLevel' number is your immediate indicator of risk. It tells you whether the interaction came from a human or a bot. A low EvilLevel, maybe around 5, means the system thinks it's a legit person. High numbers signal malicious activity—you're looking at a bot attack or sophisticated fraud attempts.
You use this score to make hard decisions: if the risk is too high, you can block the user immediately. If the level is low enough, you let them proceed with registration or payment.
This system handles all access gating for you. You'll run it on everything from secure user sign-ups to real-time transaction verification where seconds count. Your agent becomes the security coordinator that provides accurate results straight from one authorized source.
How Tencent CAPTCHA MCP Works
- 1 First, your agent calls
get_captcha_app_infoto pull the necessary metadata and check the status of your CaptchaAppId. - 2 Next, you pass the user's submitted CAPTCHA ticket and random string to the
verify_captchatool. - 3 The system returns a verification result along with an 'EvilLevel' score (e.g., 5 or 85), letting you know if the user passed validation.
The bottom line is that your agent handles the entire security handshake—getting the config and then checking the data—in one chat session, without manual console navigation.
Who Is Tencent CAPTCHA MCP For?
Security engineers who are tired of cross-referencing multiple dashboards to figure out if a bot got through. Backend architects building sign-up or payment flows that can't afford fraud. DevOps teams needing to audit the security API connection without logging into Tencent Cloud.
Automates risk assessments and monitors CAPTCHA delivery health by running diagnostic checks via natural language.
Integrates world-class bot protection into API endpoints, making sure sign-up or transaction flows reject suspicious traffic immediately.
Audits security configurations and verifies the operational status of the CAPTCHA service directly from their workflow workspace.
What Changes When You Connect
- You get an immediate risk score. Instead of just knowing 'pass/fail,' the
verify_captchatool provides an 'EvilLevel' metric (e.g., 5 vs. 85) that tells you how suspicious the user is. - Audit your setup without logging in. Use
get_captcha_app_infoto check your CaptchaAppId and API gateway status—it confirms everything is configured right, saving manual checks. - Handle complex verification flows simply. Your agent sequences the calls: first checking metadata with
get_captcha_app_info, then running validation viaverify_captcha. - Catch advanced bots. The system isn't just anti-spam; it measures behavior. High 'EvilLevel' scores point directly to malicious automation scripts, allowing you to block them upstream.
- Stay compliant and accurate. It validates things like user IP formats and ticket strings, ensuring your security checks are high-precision and trustworthy.
Real-World Use Cases
Stopping bot sign-ups on a new feature
A developer needs to block bots trying to spam new accounts. They ask their agent: 'Verify this ticket for the new user signup flow.' The agent runs verify_captcha, gets an EvilLevel of 92, and tells the dev to block the request immediately.
Troubleshooting a payment gateway failure
The payments team can't process transactions. They ask: 'What is the status of our CAPTCHA service?' The agent runs get_captcha_app_info, confirming the API gateway is online and the AppId is valid, solving the issue instantly.
Auditing a client's security setup
A security engineer needs to check if a new regional endpoint is configured correctly. They ask the agent to pull the app info using get_captcha_app_info, confirming region compliance and API key readiness before deployment.
Validating user input during registration
During a critical registration flow, the user submits a ticket. The agent uses verify_captcha to check the score. If it's high risk, the flow stops and asks the user for additional proof.
The Tradeoffs
Calling verification without setup data
Running verify_captcha immediately with a ticket number because 'it should just work.' This often fails or uses outdated keys, leading to cryptic errors and failed security checks.
→
Always run get_captcha_app_info first. Use the returned AppId and API details in your agent's context before attempting verify_captcha. It ensures you have the current credentials.
Ignoring the EvilLevel score
Treating any verification result as binary (pass/fail). This lets sophisticated bots through because they just pass basic CAPTCHA checks.
→ Don't just check for success. Always read the 'EvilLevel.' A medium or high number signals risk, forcing you to implement stricter controls even if the ticket technically passed.
Assuming single endpoint coverage
Trying to get both configuration details and run a test verification using only one call. This is impossible; the system needs two distinct steps.
→
Use get_captcha_app_info for metadata retrieval, and reserve verify_captcha strictly for running validation checks with live user data.
When It Fits, When It Doesn't
Use this server if your application flow involves any form of account creation, login, or sensitive transaction where bot spam or automated fraud is a concern. The core problem you solve is establishing trust in the input data.
Don't use it if you only need to check internal API connectivity without user-provided tokens. For those simple checks, another monitoring tool might suffice. But if you need proof that an end-user actually solved a CAPTCHA puzzle and what level of risk they represent, this is the gold standard. The sequential nature—Info then Verify—is non-negotiable for reliable results.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Tencent CAPTCHA / 腾讯云防水墙. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 2 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Handling fraud detection shouldn't require logging into three different cloud consoles.
Today, running a simple security check means jumping between the main dashboard, the API key settings page, and then finally running a test script in the console. You have to copy IDs here, paste keys there, and manually confirm status everywhere just to verify one user ticket.
With this MCP server, your agent handles all that complexity for you. It pulls the AppId status with `get_captcha_app_info` and runs verification against it using `verify_captcha`. The result—a clean risk score—shows up right in your chat window.
Tencent CAPTCHA MCP Server: Get real-time bot risk scores.
Before this, a failed verification meant you were stuck with generic error codes or had to manually interpret confusing 'EvilLevel' documentation. You couldn't tell if the failure was due to a bad ticket or poor system configuration.
Now, your agent gives you a precise security report. It verifies the CAPTCHA and tells you not just *if* it failed, but *why* it’s suspicious—a clear score that dictates whether the user gets access.
Common Questions About Tencent CAPTCHA MCP
How does Tencent CAPTCHA MCP Server calculate risk? +
It calculates risk using an 'EvilLevel' score. This numeric value is a direct output of verify_captcha and indicates the probability that the interaction came from a malicious bot or fraud script.
Do I need to call get_captcha_app_info before verify_captcha? +
Yes. For reliable results, you must first call get_captcha_app_info to confirm your AppId and API status are correctly configured before attempting any verification with verify_captcha.
What is the difference between a ticket and random string? +
The CAPTCHA ticket is the unique identifier generated by Tencent for the session. The random string is the specific secret key or code associated with that ticket, used alongside it in verify_captcha.
Can I use this server for general security auditing? +
Absolutely. You can use both tools to audit your whole setup. Use get_captcha_app_info to check the API gateway status, and then run mock verifications with verify_captcha to test end-to-end flow.
What credentials do I need to execute `verify_captcha`? +
You must provide your Tencent Cloud SecretId, SecretKey, CaptchaAppId, and AppSecretKey. These four unique identifiers are required by the server to authenticate every request. Always ensure these keys are properly loaded into your agent's environment variables before running any verification calls.
If `verify_captcha` fails, how do I debug the error? +
Check the API response status code first. A 401 usually means bad credentials or keys are wrong; a 429 signals that you've hit your rate limit quota. The full response payload will contain specific details explaining why the verification call failed.
Are there usage limits when running `verify_captcha`? +
Yes, Tencent enforces request quotas on all users. You need to monitor your account's API dashboard for current rate limits. For robust applications, write your agent code to use exponential backoff and retry logic to handle temporary service interruptions gracefully.
How do I check my project configuration using `get_captcha_app_info`? +
This tool pulls the core operational data for your CAPTCHA application. It returns vital setup details, including the registered AppId and API gateway region. You use this to confirm that your keys are linked to the expected service parameters.
How do I find my Tencent Cloud SecretId and SecretKey? +
Log in to the Tencent Cloud Console, navigate to [Access Management] -> [API Key Management] to find or generate your unique SecretId and SecretKey.
Where do I get the CaptchaAppId and AppSecretKey? +
Navigate to the Tencent CAPTCHA (防水墙) Console, select your CAPTCHA application, and you will find these identifiers in the application overview or basic information section.
What is the 'EvilLevel' metric? +
EvilLevel is a risk score (0-100) provided by Tencent Cloud to identify suspicious activity. A higher value indicates a higher probability that the user is a malicious bot or part of a fraudulent attack.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
UKG Pro Workforce Management
Manage schedules, timesheets, accruals, and time-off requests via UKG Pro WFM.
NeetoCal
Let clients book appointments through your personalized scheduling page with calendar sync and automatic reminders.
Zoho CRM Activities
Create and manage tasks, calls, events, and notes — full activity tracking for your Zoho CRM.
You might also like
Flickr Photo Discovery
Universal photography intelligence — search millions of public photos via AI.
Fieldfolio
Connect Fieldfolio to automate wholesale management — manage products, orders, and inventory directly from your AI agent.
Commerce Layer
Add headless commerce capabilities to any website or app with APIs for orders, SKUs, prices, and inventory management.