Firecrawl

Security checks across malware telemetry and agentic risk

Overview

This Firecrawl skill has powerful web crawling, browser, and agent features, but the artifacts disclose them and keep them aligned with the stated web-extraction purpose.

Install only if you trust Maton and Firecrawl with the URLs, prompts, page content, and headers you submit. Keep MATON_API_KEY, connection URLs, and browser session URLs private. Approve specific targets and limits before running crawls, browser actions, custom headers, or agent jobs, especially because they can interact with sites and consume credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The manifest frames the skill as scraping, crawling, mapping, and search, but the document also exposes interactive browser sessions and autonomous agent execution. That scope mismatch can mislead downstream policy or approval systems and cause users to authorize a capability set broader than advertised.

Context-Inappropriate Capability

Medium, 92% confidence
Finding
Creating interactive browser sessions over CDP enables much more than passive content extraction, including authenticated browsing and active site interaction. In a skill presented primarily as web extraction, this broadens the attack surface and increases the chance of unsafe or unintended actions.

Context-Inappropriate Capability

Medium, 93% confidence
Finding
The autonomous agent endpoint can navigate and act across sites based on a prompt, which materially exceeds simple scraping/search functionality. This is dangerous because prompt-driven autonomous actions are harder for users and orchestrators to predict, constrain, and review before execution.

VirusTotal

64/64 vendors flagged this skill as clean.
