Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Firecrawl Cli
v1.0.0
When the user wants to scrape, crawl, or extract content from websites. Also use when the user mentions 'scrape site,' 'crawl website,' 'extract content,' 'w...
by Mario Karras (@mariokarras)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md explicitly instructs the agent to run a Firecrawl CLI (firecrawl.js) to perform scrapes, crawls, agent-driven extraction, and async jobs. However, the skill metadata lists no required binaries, no install spec, and no required environment variables/credentials. A CLI that starts remote crawl jobs typically requires a binary and an API key or config; that expected linkage is missing and therefore incoherent.
Instruction Scope
Runtime instructions direct the agent to read workspace files if present (e.g., .agents/product-marketing-context.md or .claude/product-marketing-context.md) before asking questions. That lets the skill read arbitrary repository/agent-local files, which can include sensitive information. The SKILL.md also references starting async jobs, polling, and previewing API requests (dry-run) but does not state what remote endpoints are used, where scraped data is stored, or whether data is transmitted off-host.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes direct disk writes from the skill bundle itself. However, the instructions expect firecrawl.js to exist in the environment; the absence of an install mechanism or declared required binary is an inconsistency (it is unclear how the CLI will be provided). That ambiguity could lead to ad-hoc fetching/execution behavior by the agent or user.
Credentials
No environment variables or primary credential are declared, yet the CLI semantics (async jobs, --max-credits, polling, agent autonomous gathering) strongly imply interaction with a remote service that would normally require authentication and possibly billing credentials. The skill also instructs reading local context files, increasing access to potential secrets. The lack of declared credentials is disproportionate to the implied capabilities.
Persistence & Privilege
The skill is not always-enabled (always: false) and does not request elevated platform privileges in the metadata. SKILL.md does not instruct modifying other skills or global agent settings. Autonomous invocation is allowed by default, which is normal for skills; this is not sufficient alone to escalate concern.
What to consider before installing
Before installing or using this skill, ask the publisher for: (1) an authoritative install method or package (where does firecrawl.js come from?), (2) the exact network endpoints the CLI talks to and where scraped data is stored or transmitted, (3) required credentials or config (e.g., FIRECRAWL_API_KEY or similar) and why those are needed, and (4) privacy/legal constraints for crawling target sites. Consider running the CLI only in a sandboxed environment and avoid granting it access to sensitive workspace files until you confirm it only needs a specific, limited context file. If you rely on the skill to read .agents/product-marketing-context.md (or similar), inspect that file for secrets first. If the author cannot explain the missing binary/install and missing auth requirements, treat the package as risky.

Like a lobster shell, security has layers — review code before you run it.
