firecrawl-build-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates a standard authentication flow using the vendor's official domain (firecrawl.dev) and PKCE-like parameters (code verifier and challenge) to securely retrieve an API key.
- [EXTERNAL_DOWNLOADS]: Recommends installing official SDKs (@mendable/firecrawl-js and firecrawl-py) from standard package registries. These are recognized vendor-provided resources for the Firecrawl service.
- [CREDENTIALS_UNSAFE]: Properly instructs users to store sensitive API keys in .env files or platform secret managers rather than hardcoding them in source code, which aligns with established security best practices for secret management.
Audit Metadata