firecrawl
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- Privilege Escalation (HIGH): The documentation suggests using 'sudo npm install' to bypass permission errors, which presents a high risk of privilege escalation if executed by an automated agent.
- Persistence Mechanisms (HIGH): The agent is instructed to modify shell profile files such as ~/.bashrc or ~/.zshrc to persist environment variables, which is a significant persistence risk that could be used for malicious purposes.
- External Downloads (MEDIUM): The skill installs the 'firecrawl-cli' package globally from the npm registry; while common, global installations of external packages should be limited to verified dependencies.
- Credentials Unsafe (MEDIUM): The skill recommends handling API keys via command-line flags and shell environment variables, which can lead to the exposure of sensitive credentials in process histories, shell logs, or environment dumps.
Recommendations
- AI detected serious security threats
Audit Metadata