Firecrawl Build Search

Security checks across malware telemetry and agentic risk

Overview

This Firecrawl search skill is a coherent external search integration with no executable or hidden behavior, but users should avoid sending sensitive queries unless their Firecrawl setup is approved for that data.

Install this only if you want your agent to use Firecrawl for live web search. Do not put secrets, regulated personal data, customer records, or confidential internal project details into search queries unless your Firecrawl or self-hosted deployment is approved for that data and its logging and retention behavior are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill requires a Firecrawl API key and promotes use of an external `/search` service, but it does not clearly disclose that user queries may be transmitted to a third-party system. This creates a real privacy and data-handling risk because users or downstream developers may unknowingly send sensitive prompts, internal project names, or regulated information off-platform.

VirusTotal

64/64 vendors flagged this skill as clean.
