firecrawl
Audited by Socket on Feb 18, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected
The fragment is broadly coherent with its stated purpose. It describes a legitimate CLI tool workflow (installation, authentication, command usage, outputs) and does not show obvious malicious intent within the manifest itself. The primary security considerations would be runtime: ensuring the remote cloud service handles data securely, that authentication tokens are protected, and that output files do not inadvertently leak sensitive data. Overall, the footprint is proportionate to the described functionality, with no suspicious data exfiltration patterns evident in the manifest alone.
LLM verification: No direct code-level malware or obfuscated payloads were found in the provided documentation. The dominant risk is operational: this skill delegates rendering and automation to a third-party cloud service, which will receive full page content and any user-entered data. Because documentation lacks endpoint, retention, and data-handling details and gives no integrity verification for the npm package, this presents a moderate supply-chain/privacy risk. Recommendation: treat as potentially risky for