crawl4ai-fetch

SUSPICIOUS: The skill’s core function is coherent, but its default behavior sends user-requested URLs, fetched content, and optionally bearer tokens to an unverified third-party domain while describing itself as self-hosted Crawl4AI. The main risk is data and credential routing to a backend with unclear ownership, not confirmed malware.