v1.0.1

Web Researcher Mini

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:33 AM.

Analysis

The Firecrawl web-research instructions are mostly coherent, but the package bundles extra summarization and credential/install instructions that are not fully reflected in the registry metadata.

GuidanceBefore installing, confirm that you want both the Firecrawl and summarize capabilities, verify the external packages and owners, avoid sudo installs where possible, and only provide API keys or local files you are comfortable using with those services.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

summarize/_meta.json

"slug": "summarize", "ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26"

The evaluated package is Web Researcher Mini, but the artifact bundle includes a separate summarize skill with its own slug and owner metadata, creating bundled-skill provenance ambiguity.

User impactInstalling this package may expose the agent to capabilities beyond the advertised Firecrawl web researcher.

RecommendationReview whether the bundled summarize skill is intended, and require the package metadata to clearly list all included skills, owners, and dependencies.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

firecrawl-skills/rules/install.md

npm install -g firecrawl-cli ... sudo npm install -g firecrawl-cli

The Firecrawl CLI install is central to the skill purpose, but it is a global, unpinned package install and includes a sudo fallback option.

User impactA global install changes the local environment and could run package installation code with broad permissions, especially if sudo is used.

RecommendationInstall from a trusted source, avoid sudo unless absolutely necessary, and consider pinning or verifying the package version.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

firecrawl-skills/SKILL.md

Run multiple scrapes in parallel using `&` and `wait` ... `xargs -P 10`

The skill documents bulk and parallel scraping. This fits the web research purpose, but it can consume Firecrawl credits and generate many external requests.

User impactLarge or parallel crawls may use API credits quickly or scrape more pages than intended.

RecommendationSet explicit limits, depths, paths, and concurrency before allowing broad crawls or parallel scraping.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

summarize/SKILL.md

Set the API key for your chosen provider:
- OpenAI: `OPENAI_API_KEY`
- Anthropic: `ANTHROPIC_API_KEY`
- xAI: `XAI_API_KEY`
- Google: `GEMINI_API_KEY`

The included summarize skill requests multiple external model-provider credentials, which broadens the credential surface beyond the Firecrawl-focused registry description.

User impactProviding these keys could grant the skill access to paid provider accounts and billing outside the core Firecrawl workflow.

RecommendationOnly provide credentials for services you intentionally want this skill to use, prefer least-privileged keys, and verify that credential requirements are declared before installing.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceMediumStatusNote

summarize/SKILL.md

Fast CLI to summarize URLs, local files, and YouTube links. ... summarize "/path/to/file.pdf" --model google/gemini-3-flash-preview

The included summarizer can process local files with an external model selection; this is purpose-aligned for summarization but should be treated as a data-boundary decision.

User impactSensitive local files could be processed through an external summarization workflow if the user invokes that capability.

RecommendationUse the summarizer only on files you intend to share with the selected provider, and avoid private or regulated data unless you have reviewed the provider handling.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

firecrawl-skills/SKILL.md

Create a `.firecrawl/` folder in the working directory ... Firecrawl returns clean markdown optimized for LLM context windows

The skill stores retrieved web content for later LLM use. Web content is untrusted and may contain text that should not be treated as authoritative instructions.

User impactScraped pages could influence later agent reasoning if read back into context without source awareness.

RecommendationTreat scraped content as untrusted research material, keep outputs scoped to the task, and avoid following instructions found inside scraped pages.