firecrawl-scraper
Audited by Socket on Mar 4, 2026
1 alert found:
Anomaly: The fragment is documentation for a scraping skill that delegates work to an external Firecrawl API. There is no direct embedded malicious code in the provided text, but the skill's distribution and operation model raises supply-chain and data-exfiltration risks: installation via 'npx skills add' pulls and executes remote code (transitive trust), and the skill sends scraped content and an API key to a third-party service. If you plan to use this skill, verify the Firecrawl service domain and privacy/retention policies, avoid reusing high-privilege credentials, prefer pinned/verified releases (not ad-hoc npx installs), and review the code in the repository before installing. Overall: no clear malware in the fragment, but moderate supply-chain and data-exfiltration risk due to third-party API use and transitive installation.