Web Scraper - Firecrawl

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Firecrawl web-scraping helper, but users should be careful about what URLs and scraped data they send to the Firecrawl service or save locally.

Install only if you are comfortable using Firecrawl as an external service. Use a dedicated, revocable API key, avoid private/internal URLs or secrets in URL lists and schemas, scrape only content you are authorized to process, and store exported crawl results in locations you can review and clean up.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill advertises and documents capabilities that use environment variables, network access, and local file input/output, but it does not declare permissions or safety boundaries. This is dangerous because an orchestrator or reviewer may underestimate what the skill can access, enabling unintended scraping, exfiltration of API keys from the environment, or writes of scraped data to disk without explicit user awareness.

Description-Behavior Mismatch

Low

Confidence: 78% confidence
Finding: The tool can persist scraped content to a local file when the user supplies --output, but the skill description only discusses scraping and extraction and does not disclose local persistence. This creates a transparency and data-handling risk because sensitive scraped data may be written to disk unexpectedly in shared or ephemeral environments.

Description-Behavior Mismatch

Low

Confidence: 83% confidence
Finding: The crawl path writes multiple scraped pages into a local directory, which is broader persistence than the manifest implies. In agent environments, this can leave behind a sizable corpus of potentially sensitive content on disk, increasing retention and inadvertent disclosure risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation encourages scraping and crawling across sites, batching URLs, and building knowledge bases, but it omits warnings about privacy, robots/terms-of-service, authentication boundaries, and handling of personal or copyrighted data. That omission increases the chance of misuse for unauthorized collection or retention of sensitive content, especially because the skill is explicitly designed for large-scale extraction.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: User-supplied URLs, extraction prompts, schemas, and scraped content metadata are sent to the external Firecrawl API without any explicit warning in the tool itself or manifest about off-device transmission. This is dangerous when users may provide internal, confidential, or regulated URLs/data under the assumption processing is local.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal