Tencent CAPTCHA MCP for AI. Verify User Tickets and Score Bot Risk Instantly

Q: Do I need to call getcaptchaappinfo before verifycaptcha?

Yes. For reliable results, you must first call getcaptchaappinfo to confirm your AppId and API status are correctly configured before attempting any verification with verifycaptcha.

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Connect to your AI in seconds.

Tencent CAPTCHA / 腾讯云防水墙 connects your AI agent to China's dominant anti-fraud and bot protection service. It lets you check application security setup, verify user-submitted CAPTCHA tickets (like slide or random string), and get a detailed 'EvilLevel' score.

This score tells you immediately if the user is likely human or a malicious bot.

What your AI can do

Get captcha app info

Retrieves your Tencent CAPTCHA application's current configuration and operational status.

Verify captcha

Checks a specific CAPTCHA ticket using its associated random string and returns the validation result plus an EvilLevel score.

Check Application Setup Details

Retrieves your current Tencent CAPTCHA application ID and API configuration status.

Validate User Captcha Tickets

Verifies a user's submitted CAPTCHA ticket and random string, returning the validation result and an 'EvilLevel' score.

Determine Bot Risk Score (EvilLevel)

Interprets the provided 'EvilLevel' numeric value to classify interaction risk—low-risk human vs. high-risk bot activity.

Ask an AI about this

Included with Plan

Waiting for input…

AI Agent

Tencent CAPTCHA MCP Server: 2 Tools for Bot Prevention

These two tools let you audit the security setup and verify user-submitted CAPTCHA tickets to determine if the interaction is low-risk human traffic or high-risk bot activity.

Make your AI actually useful.

Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.

Start using Tencent CAPTCHA / 腾讯云防水墙 on Vinkius

Get Captcha App Info

Retrieves your Tencent CAPTCHA application's current configuration and operational status.

Verify Captcha

Checks a specific CAPTCHA ticket using its associated random string and returns the...

Security and governance baked right in.

Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.

Claude AI

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.

Start a conversation

Open a new chat. The Tencent CAPTCHA integration is available immediately — no restart needed.

Antigravity

Configure Agent Environment

Open your Antigravity agent's workspace configuration or mcp-servers.json file.

Bind the Endpoint

Add the Vinkius endpoint URL to your agent's MCP connections list:

"mcp_servers": {
  "tencent-captcha": {
    "serverUrl": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
  }
}

Provide your secure token in place of [YOUR_TOKEN_HERE] to ensure your agent requests are authenticated.

Execute

Start your Antigravity session. The agent will autonomously discover and utilize the Tencent CAPTCHA tools with full Vinkius guardrails applied.

VS Code Copilot

⚡

One-Click Install (Recommended)

In your Vinkius Dashboard, simply click the Add to VS Code button for this server. We'll automatically configure your local workspace.

Or configure manually

Open MCP Settings

Open VS Code, press Ctrl/Cmd + Shift + P, and search for GitHub Copilot: MCP Servers.

Add Server Config

Add the Vinkius endpoint configuration to your mcp-servers.json file:

"tencent-captcha": {
  "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
}

Ensure you replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

LangChain

Install Dependencies

Install the LangChain MCP adapters for your environment:

pip install langchain-mcp-adapters

Connect the Server

Use the SSEClient in LangChain to connect to the Vinkius managed endpoint:

from langchain_mcp_adapters.client import SSEClient

# Connect to Vinkius
client = SSEClient(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")
tools = client.get_tools()

CrewAI

Define the Tool

Load the Vinkius MCP tools into your CrewAI agents:

from crewai import Agent
from mcp_crewai import MCPTool

# Connect securely to Vinkius
vinkius_tools = MCPTool(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")

# Assign to Agent
researcher = Agent(
    role='Data Researcher',
    tools=vinkius_tools.get_all()
)

Execute Task

Run your CrewAI process. The agent will autonomously route tasks to the Vinkius managed server.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

Import from OpenAPI, Swagger, or YAML specs
Create Agent Skills with progressive disclosure
Deploy to edge with MCPFusion framework
Built in DLP, auth, and compliance on every call
Real time usage dashboard and cost metering
Publish to catalog or keep private

Start building

Make Your AI Do More

Start with Tencent CAPTCHA / 腾讯云防水墙, then connect any of our 5,000+ other servers whenever your AI needs more. One click, no limits.

Use this MCP plus 5,000+ others, all in one place
Add new capabilities to your AI anytime you want
Every connection is secured and compliant automatically
Track usage and costs across all your servers
Works with Claude, ChatGPT, Cursor, and more
New servers added to the catalog every week

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Tencent CAPTCHA / 腾讯云防水墙. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

Cloud Hosted

Managed infra

V8 Isolated

Sandboxed per request

Zero-Trust Proxy

No stored credentials

DLP Enforced

Policy on every call

GDPR Compliant

EU data residency

Token Compression

~60% cost reduction

Your data is protected. See how we built it.

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This connection provides 2 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.

Handling fraud detection shouldn't require logging into three different cloud consoles.

Today, running a simple security check means jumping between the main dashboard, the API key settings page, and then finally running a test script in the console. You have to copy IDs here, paste keys there, and manually confirm status everywhere just to verify one user ticket.

With this MCP server, your agent handles all that complexity for you. It pulls the AppId status with `get_captcha_app_info` and runs verification against it using `verify_captcha`. The result—a clean risk score—shows up right in your chat window.

Tencent CAPTCHA MCP Server: Get real-time bot risk scores.

Before this, a failed verification meant you were stuck with generic error codes or had to manually interpret confusing 'EvilLevel' documentation. You couldn't tell if the failure was due to a bad ticket or poor system configuration.

Now, your agent gives you a precise security report. It verifies the CAPTCHA and tells you not just *if* it failed, but *why* it’s suspicious—a clear score that dictates whether the user gets access.

Support 24/7 support@vinkius.com ↗

Security Vinkius Trust Center ↗

SLA Service Level Agreement ↗

Report Listing Send Report ↗

What your AI can actually do with this

Your agent connects directly to Tencent CAPTCHA, giving you access to China’s primary anti-fraud and bot protection system. You won't ever have to deal with the actual cloud console; your agent handles all that messy security diagnostics in natural conversation flow.

To start, get_captcha_app_info pulls up your application setup details. It retrieves crucial info like your unique CaptchaAppId and confirms the operational status of the API configuration for your specific service. This tells you right away if your security integration is properly set up to go.

When a user submits credentials, verify_captcha takes over. Your agent passes two things: the user's submitted CAPTCHA ticket and the associated random string. The tool checks that combination against Tencent’s massive fraud database, returning two key pieces of data—the raw validation result and an 'EvilLevel' score.

The 'EvilLevel' number is your immediate indicator of risk. It tells you whether the interaction came from a human or a bot. A low EvilLevel, maybe around 5, means the system thinks it's a legit person. High numbers signal malicious activity—you're looking at a bot attack or sophisticated fraud attempts.

You use this score to make hard decisions: if the risk is too high, you can block the user immediately. If the level is low enough, you let them proceed with registration or payment.

This system handles all access gating for you. You'll run it on everything from secure user sign-ups to real-time transaction verification where seconds count. Your agent becomes the security coordinator that provides accurate results straight from one authorized source.

Built · Hosted · Managed by Vinkius Tencent CAPTCHA MCP Server - Verify Tickets & Anti-Bot

Server ID 019d8489-ad68-7147-861d-c8039afad3f9

Vinkius Inspector

Compliance Grade A+

Score 100/100

Report View Report ↗

Here's how it actually works

The bottom line is that your agent handles the entire security handshake—getting the config and then checking the data—in one chat session, without manual console navigation.

First, your agent calls get_captcha_app_info to pull the necessary metadata and check the status of your CaptchaAppId.

Next, you pass the user's submitted CAPTCHA ticket and random string to the verify_captcha tool.

The system returns a verification result along with an 'EvilLevel' score (e.g., 5 or 85), letting you know if the user passed validation.

What Changes When You Connect

You get an immediate risk score. Instead of just knowing 'pass/fail,' the verify_captcha tool provides an 'EvilLevel' metric (e.g., 5 vs. 85) that tells you how suspicious the user is.

Audit your setup without logging in. Use get_captcha_app_info to check your CaptchaAppId and API gateway status—it confirms everything is configured right, saving manual checks.

Handle complex verification flows simply. Your agent sequences the calls: first checking metadata with get_captcha_app_info, then running validation via verify_captcha.

Catch advanced bots. The system isn't just anti-spam; it measures behavior. High 'EvilLevel' scores point directly to malicious automation scripts, allowing you to block them upstream.

Stay compliant and accurate. It validates things like user IP formats and ticket strings, ensuring your security checks are high-precision and trustworthy.

See it in action

01 01

Stopping bot sign-ups on a new feature

A developer needs to block bots trying to spam new accounts. They ask their agent: 'Verify this ticket for the new user signup flow.' The agent runs verify_captcha, gets an EvilLevel of 92, and tells the dev to block the request immediately.

02 02

Troubleshooting a payment gateway failure

The payments team can't process transactions. They ask: 'What is the status of our CAPTCHA service?' The agent runs get_captcha_app_info, confirming the API gateway is online and the AppId is valid, solving the issue instantly.

03 03

Auditing a client's security setup

A security engineer needs to check if a new regional endpoint is configured correctly. They ask the agent to pull the app info using get_captcha_app_info, confirming region compliance and API key readiness before deployment.

04 04

Validating user input during registration

During a critical registration flow, the user submits a ticket. The agent uses verify_captcha to check the score. If it's high risk, the flow stops and asks the user for additional proof.

The honest tradeoffs

Calling verification without setup data

Anti-pattern

Running verify_captcha immediately with a ticket number because 'it should just work.' This often fails or uses outdated keys, leading to cryptic errors and failed security checks.

The Fix

Always run get_captcha_app_info first. Use the returned AppId and API details in your agent's context before attempting verify_captcha. It ensures you have the current credentials.

Ignoring the EvilLevel score

Anti-pattern

Treating any verification result as binary (pass/fail). This lets sophisticated bots through because they just pass basic CAPTCHA checks.

The Fix

Don't just check for success. Always read the 'EvilLevel.' A medium or high number signals risk, forcing you to implement stricter controls even if the ticket technically passed.

Assuming single endpoint coverage

Anti-pattern

Trying to get both configuration details and run a test verification using only one call. This is impossible; the system needs two distinct steps.

The Fix

Use get_captcha_app_info for metadata retrieval, and reserve verify_captcha strictly for running validation checks with live user data.

Questions you might have

How does Tencent CAPTCHA MCP Server calculate risk? +

It calculates risk using an 'EvilLevel' score. This numeric value is a direct output of verify_captcha and indicates the probability that the interaction came from a malicious bot or fraud script.

Do I need to call get_captcha_app_info before verify_captcha? +

Yes. For reliable results, you must first call get_captcha_app_info to confirm your AppId and API status are correctly configured before attempting any verification with verify_captcha.

What is the difference between a ticket and random string? +

The CAPTCHA ticket is the unique identifier generated by Tencent for the session. The random string is the specific secret key or code associated with that ticket, used alongside it in verify_captcha.

Can I use this server for general security auditing? +

Absolutely. You can use both tools to audit your whole setup. Use get_captcha_app_info to check the API gateway status, and then run mock verifications with verify_captcha to test end-to-end flow.

What credentials do I need to execute `verify_captcha`? +

You must provide your Tencent Cloud SecretId, SecretKey, CaptchaAppId, and AppSecretKey. These four unique identifiers are required by the server to authenticate every request. Always ensure these keys are properly loaded into your agent's environment variables before running any verification calls.

If `verify_captcha` fails, how do I debug the error? +

Check the API response status code first. A 401 usually means bad credentials or keys are wrong; a 429 signals that you've hit your rate limit quota. The full response payload will contain specific details explaining why the verification call failed.

Are there usage limits when running `verify_captcha`? +

Yes, Tencent enforces request quotas on all users. You need to monitor your account's API dashboard for current rate limits. For robust applications, write your agent code to use exponential backoff and retry logic to handle temporary service interruptions gracefully.

How do I check my project configuration using `get_captcha_app_info`? +

This tool pulls the core operational data for your CAPTCHA application. It returns vital setup details, including the registered AppId and API gateway region. You use this to confirm that your keys are linked to the expected service parameters.

How do I find my Tencent Cloud SecretId and SecretKey? +

Log in to the Tencent Cloud Console, navigate to [Access Management] -> [API Key Management] to find or generate your unique SecretId and SecretKey.

Where do I get the CaptchaAppId and AppSecretKey? +

Navigate to the Tencent CAPTCHA (防水墙) Console, select your CAPTCHA application, and you will find these identifiers in the application overview or basic information section.

What is the 'EvilLevel' metric? +

EvilLevel is a risk score (0-100) provided by Tencent Cloud to identify suspicious activity. A higher value indicates a higher probability that the user is a malicious bot or part of a fraudulent attack.

Connect to your AI in seconds.

Get captcha app info

Verify captcha

Tencent CAPTCHA MCP Server: 2 Tools for Bot Prevention

Make your AI actually useful.

Get Captcha App Info

Verify Captcha

Security and governance baked right in.

Claude AI

Open Claude Settings

Add Custom Connector

Start a conversation

Claude Code

Open your terminal

Add the MCP Server

Start coding

Cursor

One-Click Install (Recommended)

Open Cursor Settings

Add New Server

Use in Composer

Antigravity

Configure Agent Environment

Bind the Endpoint

Execute

VS Code Copilot

One-Click Install (Recommended)

Open MCP Settings

Add Server Config

Windsurf

One-Click Install (Recommended)

Open Windsurf Settings

Add Server Endpoint

LangChain

Install Dependencies

Connect the Server

CrewAI

Define the Tool

Execute Task

Choose How to Get Started

Build Your Own

Make Your AI Do More

Works with Claude, ChatGPT, Cursor, and more

Handling fraud detection shouldn't require logging into three different cloud consoles.

Tencent CAPTCHA MCP Server: Get real-time bot risk scores.

What your AI can actually do with this

Here's how it actually works

Who is this actually for?

What Changes When You Connect

See it in action

Stopping bot sign-ups on a new feature

Troubleshooting a payment gateway failure

Auditing a client's security setup

Validating user input during registration

The honest tradeoffs

Calling verification without setup data

Ignoring the EvilLevel score

Assuming single endpoint coverage

When It Fits, When It Doesn't

Questions you might have