Security audit
Firecrawl CLI
Security checks across malware telemetry and agentic risk
Overview
This is a transparent Firecrawl CLI reference skill, with expected third-party web scraping and browser automation risks that users should manage deliberately.
Install only if you are comfortable using Firecrawl's CLI and service. Avoid sensitive internal URLs, confidential page content, private prompts, or logged-in browser profiles unless approved; use crawl limits, monitor credits, and prefer a self-hosted Firecrawl endpoint for sensitive environments.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
