ClawHub

Firecrawl

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Firecrawl skill that is coherent with its web scraping purpose, but users should be careful with third-party data sharing and the insecure self-hosting example.

Before installing, understand that Firecrawl requests may send target URLs, prompts, schemas, and scraped page content to Firecrawl unless you self-host. Do not submit secrets, authenticated pages, or internal-only URLs without authorization. If self-hosting, do not expose the provided Docker example to the internet as-is; bind to localhost or a private network and enable authentication or a protected reverse proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference documents multiple endpoints that send user-supplied URLs, crawled page contents, and extracted data to Firecrawl's external API, but it provides no explicit warning that this is third-party transmission. In an agent skill context, that omission can cause users or downstream developers to unknowingly send sensitive internal URLs, authenticated content, or proprietary page data to an external service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example configuration binds the API to all interfaces and explicitly disables database-backed authentication, creating an unauthenticated remotely reachable service by default. In a self-hosting guide for a web scraping platform, this is dangerous because exposed instances may allow unauthorized API use, abuse of crawling/scraping infrastructure, and potential access to internal admin or job-processing functionality.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal