Firecrawl Search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Firecrawl API wrapper; it uses a Firecrawl API key and can fetch or crawl web content, but the artifacts show no hidden exfiltration or destructive behavior.
Before installing, make sure you trust using Firecrawl for your searches, scrapes, and crawls; set FIRECRAWL_API_KEY only if you are comfortable spending that account’s quota. Treat returned webpage content as untrusted, and confirm crawl targets and limits before starting larger crawls.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised webpage could include text that tries to influence the agent’s next actions.
The skill can retrieve arbitrary webpage text and place it into the agent-facing output. This is expected for a scraper, but webpage content should be treated as untrusted and not as instructions to the agent.
parser.add_argument("url", help="URL to scrape") ... print(data["markdown"])
Treat scraped and searched content as untrusted reference material; confirm any instructions or actions suggested by web content before following them.
Using crawl commands may spend Firecrawl credits and request multiple pages from a target site.
The crawl script can start a Firecrawl crawl job for a supplied URL, with a default page limit. This is purpose-aligned, but it can consume API quota and cause external crawling activity.
req_url = "https://api.firecrawl.dev/v1/crawl" ... parser.add_argument("--max-pages", type=int, default=50, help="Max pages to crawl")
Confirm crawl targets and page limits before use, and monitor Firecrawl quota or billing.
Running the skill with a valid API key lets it use that Firecrawl account and its quota.
The script reads a Firecrawl API key from the environment and sends it as a bearer token to the Firecrawl API. This is expected for the stated integration, but it is still delegated account access.
api_key = os.environ.get("FIRECRAWL_API_KEY") ... "Authorization": f"Bearer {api_key}"
Use a Firecrawl key you intend to use with this skill, keep it private, rotate it if exposed, and prefer account-level limits where available.
Users may not see the credential requirement or publisher provenance from metadata alone.
The registry metadata provides limited provenance and does not declare the API key requirement that SKILL.md and the scripts use. The included code is simple and purpose-aligned, so this is a disclosure/provenance note rather than a concern.
Source: unknown; Homepage: none; Required env vars: none; Env var declarations: none; Primary credential: none
Review the included scripts before installing and prefer updated metadata that declares FIRECRAWL_API_KEY and a verifiable project source.
