Firecrawler
PassAudited by ClawScan on May 1, 2026.
Overview
Firecrawler is a coherent Firecrawl API helper, with expected notes around its API key, third-party provider use, and unpinned SDK install.
This skill appears appropriate for Firecrawl-based scraping and crawling. Before installing, configure a Firecrawl API key you are comfortable using, be mindful of credit costs, avoid sending sensitive URLs or prompts, and consider pinning the Firecrawl SDK version.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can spend Firecrawl credits under the configured account.
The skill requires a Firecrawl API key, while the registry metadata says there is no primary credential or required environment variable. This is disclosed and purpose-aligned, but it gives the skill access to the user's Firecrawl account credits.
export FIRECRAWL_API_KEY=fc-your-key-here
Use a Firecrawl key with appropriate account limits and remove or rotate it if you stop using the skill.
A future or unexpected SDK version could behave differently from the version the author tested.
The setup installs an unpinned third-party SDK. This is expected for a Firecrawl integration, but the artifacts do not pin a version or provide a lockfile.
pip3 install firecrawl
Install the SDK from a trusted package index and consider pinning a known-good Firecrawl SDK version in your environment.
Large crawls may spend API credits or collect more web content than intended.
The skill can crawl many pages through Firecrawl. This is central to the stated purpose and the documentation warns about credits, but users should keep limits reasonable.
python3 fc.py crawl "https://docs.example.com" --limit 50 --output ./docs
Set explicit, modest crawl and map limits and review the target URL before running broad crawls.
Information included in URLs, search queries, extraction prompts, or schemas may be sent to Firecrawl.
The script uses Firecrawl as an external provider for URLs, searches, screenshots, and extraction requests. This is disclosed by the skill purpose, but user-supplied URLs, queries, schemas, and prompts may be processed by that provider.
return Firecrawl(api_key=api_key)
Avoid sending private URLs, secrets, or sensitive prompts unless Firecrawl's data handling is acceptable for your use case.