Skills
skills/leoyeai/openclaw-master-skills/firecrawl/Gen Agent Trust Hub

firecrawl

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of the official firecrawl-cli package from the NPM registry.
  • Evidence: npm install -g firecrawl-cli@1.8.0 and npx -y firecrawl-cli@1.8.0 init in rules/install.md.
  • Note: This is an expected installation from a well-known service.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute firecrawl CLI commands for web interaction.
  • Evidence: Bash(firecrawl *) and Bash(npx firecrawl *) are defined as allowed tools in SKILL.md.
  • Evidence: The firecrawl browser "eval <js>" command enables the execution of JavaScript in a remote browser environment for automation purposes.
  • [PROMPT_INJECTION]: As a web scraping tool, the skill ingests content from external, untrusted sources, which constitutes a risk for indirect prompt injection.
  • Ingestion points: Data is fetched via commands such as scrape, search, crawl, and agent.
  • Capability inventory: The skill has the ability to write to the local filesystem and execute shell commands.
  • Mitigation: The skill includes rules/security.md, which defines a security strategy involving file-based isolation in .firecrawl/ and incremental reading (e.g., using grep, head) to limit the impact of potentially malicious instructions within scraped data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 08:35 AM