firecrawl
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

BENIGN with standard operational and policy risks. The fragment describes legitimate capabilities for a specialized web-crawling workflow. Key mitigations include secure API key handling, restricted access to local outputs, and compliance monitoring for scraping activities.

LLM verification: This skill is suspicious rather than overtly malicious. It legitimately describes a web-scraping/search CLI and requests file writes and authentication consistent with that purpose, but it also mandates centralizing all agent web activity through the third-party 'firecrawl' service, instructs automated browser-based login, and encourages hiding outputs via .gitignore. Those patterns create a realistic credential-exfiltration and data-centralization risk (man-in-the-middle / harvesting) if the se