firecrawl-scraper
Fail
Audited by Socket on Feb 28, 2026
1 alert found:
Obfuscated File (HIGH): SKILL.md
The README describes a plausible and legitimate scraper integration with Firecrawl, but the distribution/install method (unpinned GitHub 'npx' install) and lack of explicit endpoints or data-handling policies create a moderate supply-chain and data-exfiltration risk. There is no direct evidence of malware in the provided text, but the inability to inspect the installed code means risk cannot be ruled out. Recommendations: do not install unpinned; review repository code and install scripts before running; pin to a commit or release; verify network endpoints and TLS behavior; enforce least-privilege API scopes and sanitize/redact sensitive content prior to sending to the remote API.
Confidence: 98%
Audit Metadata