Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Firecrawl CLI
v1.0.0
Web scraping, crawling, searching, and browser automation via the Firecrawl CLI (firecrawl). Use when scraping URLs to markdown/HTML, crawling entire website...
by Yash Kavaiya (@yash-kavaiya)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to provide Firecrawl CLI functionality (scrape, crawl, browser automation) which legitimately requires installing a CLI and authenticating with a FIRECRAWL_API_KEY or interactive login. However, the registry metadata lists no required environment variables or credentials. That omission is an incoherence: the skill will not function as described without external credentials or a self-hosted API URL, so the manifest under-declares its needs.
Instruction Scope
SKILL.md tells the agent to install and use the firecrawl CLI and to run commands that send target URLs and scraped content to Firecrawl's cloud (or to a self-hosted API). It includes browser sandbox automation and execution of Playwright/Python/Node snippets in remote sessions. Those capabilities allow arbitrary remote execution of page interactions and transmission of scraped content to an external service — a meaningful data-exfiltration surface. The instructions do not ask the agent to read unrelated local files, but they do rely on sending web content and potentially user-provided URLs to a third party.
Install Mechanism
This is an instruction-only skill (no install spec). The SKILL.md instructs users/agents to run 'npm install -g firecrawl-cli', which is a normal public-registry installation but is not automatically verified by the skill. Instruction-only avoids writing code to disk from the skill itself (lower risk), but installing a third-party npm package still carries supply-chain risk and should be vetted by the user.
Credentials
The documentation references FIRECRAWL_API_KEY, FIRECRAWL_API_URL, and FIRECRAWL_NO_TELEMETRY, but the skill manifest lists no required env vars/credentials. Requesting an API key (or doing an interactive login) is expected for this functionality, but the manifest's failure to declare these credentials is an inconsistency that impairs an informed security decision. Requiring an API key is proportionate to the purpose, but the skill could be used to send sensitive page content to the vendor unless the user self-hosts.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. Autonomous invocation (disable-model-invocation=false) is the platform default; by itself this is not flagged. The skill does not claim to modify other skills or system-wide settings.
What to consider before installing
This skill appears to be a wrapper around a third-party CLI that sends scraped pages and browser interactions to Firecrawl's cloud by default. Before installing or using it:
1) Be aware the SKILL.md requires FIRECRAWL_API_KEY or interactive login even though the manifest lists no credentials — treat that as a red flag and don't blindly provide high-privilege credentials.
2) Prefer self-hosting (FIRECRAWL_API_URL) if you will scrape sensitive sites or want content to stay on-premises.
3) Vet the NPM package (publisher, package name, version, npmjs listing, GitHub repo and releases) before 'npm install -g', and avoid installing as root.
4) Assume web content and interactions will be transmitted to the service; do not run against sites that contain secrets, authentication cookies, internal URLs, or PII.
5) Consider creating a limited-scope API key for testing, set FIRECRAWL_NO_TELEMETRY=1 if you want to disable CLI telemetry, and test with non-sensitive URLs first.
6) If you need to allow autonomous agent invocation, restrict which prompts/tasks it can run and monitor job outputs.
If the publisher or package source is unknown or unverifiable, treat this as higher risk and ask for more publisher/source information before proceeding.
