Firecrawl Wrapper

Security checks across malware telemetry and agentic risk

Overview

This Firecrawl wrapper is mostly coherent, but it enables broad crawling and account-style website interactions without enough scoping or user warnings.

Install only if you are comfortable sending URLs, queries, prompts, and page contents to Firecrawl. Avoid using it on private, authenticated, regulated, or account-changing workflows unless you explicitly review the target, page limit, and action first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases for search are broad everyday language such as '搜一下' or '帮我找', which can cause the skill to activate in situations where the user did not explicitly intend web search. Ambiguous activation can lead to unplanned network requests and external data disclosure through query transmission.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The scrape triggers are generic conversational phrases like '看看这个页面' and '把内容拿出来', which are likely to overlap with normal assistant requests. That raises the risk of unintended page fetching, including retrieval of sensitive URLs or private content the user mentioned incidentally.

Vague Triggers

Low
Confidence
82% confidence
Finding
The site-mapping examples are underspecified and could trigger broad enumeration of a site from vague user phrasing. Although lower impact than interaction or full crawl, unintended mapping still causes unsolicited outbound requests and may expose browsing targets or internal site structure.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Whole-site crawling is a high-impact action, yet the triggers are broad and the default behavior permits substantial collection across up to 50 pages, with larger runs if the user asks. Ambiguous invocation here can cause excessive data collection, higher privacy risk, and potentially abusive traffic against third-party sites.

Missing User Warnings

High
Confidence
97% confidence
Finding
The interaction feature explicitly supports actions like filling forms, logging in, and downloading reports, but the skill provides no warning about sensitive or account-affecting operations. This makes it easier for users to trigger actions that could submit data, alter accounts, or access private resources without informed consent or guardrails.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages scraping, crawling, and extraction of arbitrary web content without warning users that page contents, including potentially sensitive or regulated data, may be fetched and processed by an external service. Missing privacy disclosure increases the chance of accidental collection or transmission of confidential information.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The extract command sends a user-supplied URL and free-form prompt to the external Firecrawl service, which may expose sensitive browsing targets, proprietary page content, or confidential extraction instructions to a third party. In this skill context, external transmission is the core feature, but the lack of explicit disclosure/consent still creates a real privacy and data-handling risk for users.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The search command forwards the user's query to Firecrawl's remote API without any explicit notice in the code's user-facing flow. This is lower impact than content extraction, but queries can still contain sensitive research topics, internal project names, or personal data that users may not expect to leave the local environment.

VirusTotal

64/64 vendors flagged this skill as clean.
