firecrawl-search

Warn

Audited by Socket on May 15, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS. The core purpose is coherent: web search plus optional page scraping via Firecrawl's official ecosystem. However, the `npx firecrawl` allowance does not match the documented official package name, creating supply-chain ambiguity, and the skill ingests arbitrary external web content while retaining Bash execution, which raises indirect prompt-injection risk. No clear credential theft, exfiltration, or overtly malicious behavior is present.

Confidence: 87%
Severity: 58%

Audit Metadata
Analyzed At: May 15, 2026, 12:44 AM
Package URL: pkg:socket/skills-sh/firecrawl%2Fcli%2Ffirecrawl-search%2F@41ef6ac9682323c407679f8168a1776f62b3fb14