skills/aaaaqwq/claude-code-skills/firecrawl-cli/Socket

firecrawl-cli

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Obfuscated File

Obfuscated Filerules/install.md

HIGH

Obfuscated FileHIGH

rules/install.md

The documentation outlines standard CLI authentication flows (browser-based and API-key). It is not inherently malicious. However, it introduces security concerns around persisting API keys in plaintext via environment variables and shell initialization files, which can risk leakage in shared or compromised environments. Recommended mitigations include avoiding persistent plaintext keys, using secure secret storage (OS keychain or secret managers), scoped tokens with short lifetimes, and avoiding echoing credentials to logs or terminal history. Consider implementing in-app secure storage and encouraging ephemeral tokens where possible.

Confidence: 98%

Audit Metadata

Analyzed At

Feb 16, 2026, 03:47 AM

Package URL

pkg:socket/skills-sh/aaaaqwq%2Fclaude-code-skills%2Ffirecrawl-cli%2F@5e87b2db1d850e90c5aba84282a4a492d8010d53