Trust Assessment
firecrawl received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. The key findings are a suspicious import of `urllib.request`, an arbitrary file read via path traversal in schema loading, and an arbitrary file write via path traversal in screenshot output.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read via Path Traversal in Schema Loading: `cmd_extract` passes `args.schema` unchanged to `json.load()` as a file path. A caller who controls that argument can supply a traversal sequence such as `../../../../etc/passwd` and read any file the process can open; the contents are returned to whoever controls the argument. Remediation: restrict `args.schema` to a designated schema directory, for example by resolving the path and verifying it is a child of that directory, or by rejecting `..` segments. | LLM | fc.py:100 |
| HIGH | Arbitrary File Write via Path Traversal in Screenshot Output: `cmd_screenshot` uses `args.output` unchanged as the filename for `urllib.request.urlretrieve()` and `open()`. A caller who controls that argument can supply a traversal sequence such as `../../../../tmp/malicious.png` and write to any location the process can write, overwriting existing files or planting content elsewhere. Remediation: confine `args.output` to a designated output directory by resolving it (`pathlib.Path.resolve()`) and checking that the result is a child of that directory, or by rejecting `..` segments. A bare `os.path.abspath` plus `os.path.commonprefix` comparison is not a sufficient check: it compares strings, so `/out` is accepted as a prefix of `/out_evil`. | LLM | fc.py:70 |
| MEDIUM | Suspicious import: urllib.request: `urllib.request` is imported; it provides outbound network access. Verify that the import is necessary, since network and system modules in skill code can serve as an exfiltration channel. Here the import is consistent with the `urlretrieve()` call at fc.py:70 named in the screenshot finding, so the question to settle is whether both the URL fetched and the file written are constrained. | Static | skills/andrewdmwalker/firecrawler/fc.py:18 |
| MEDIUM | Arbitrary Directory Creation via Path Traversal in Crawl Output: `cmd_crawl` passes `args.output` unchanged to `Path(...).mkdir()`. A caller who controls that argument can create directories at any writable location (for example `../../../../tmp/malicious_dir`), which can clutter or fill the filesystem or stage a location for a later write. Remediation: fix the base output directory in code rather than taking it from the argument, and confine the caller-supplied part to that base by resolving it and checking containment, or by rejecting `..` segments. | LLM | fc.py:170 |
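All three path-traversal findings recommend the same fix: resolve the caller-supplied path and verify it stays inside a base directory chosen in code. The arguments in question are command-line arguments, so the findings matter wherever those arguments are chosen by an agent rather than by the person running the tool, since an agent can be steered by content it has fetched. The following is an editor-added example of that check in Python, not code from the firecrawl skill or from SkillShield; the function names, the `schemas` directory and the sample files it writes to a temporary directory are illustrative assumptions. It shows the flagged pattern (`load_schema_unsafe`) beside its hardened form (`load_schema`), exercises the check against `..`, absolute paths, not-yet-existing write targets and a symlink pointing outside the base, and demonstrates why the `os.path.commonprefix` approach is insufficient.

```python
"""Editor-added example: confining caller-supplied paths to a base directory.

Not part of the firecrawl skill or of SkillShield. Names and sample files are
illustrative assumptions.
"""
import json
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a caller-supplied path escapes the permitted base directory."""


def confine_path(base_dir, user_path):
    """Return the absolute Path for user_path, guaranteed to lie inside base_dir.

    Both sides are canonicalised with Path.resolve(), so '..' segments,
    absolute paths and symlinks that point outside the base are all rejected.
    The target itself may not exist yet (the write case); resolve() still
    canonicalises every component that does exist.
    """
    base = Path(base_dir).resolve(strict=True)
    # pathlib discards `base` when user_path is absolute; the containment
    # check below catches that case as well.
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathTraversalError(f"{user_path!r} escapes {base}")
    return candidate


def is_confined(base_dir, user_path):
    """Boolean form of confine_path, convenient for checks and tests."""
    try:
        confine_path(base_dir, user_path)
    except PathTraversalError:
        return False
    return True


def naive_commonprefix_allows(base_dir, candidate):
    """The string-prefix check some guidance suggests.

    Included only to show why it is insufficient: '/out' is a string prefix
    of '/out_evil', so a sibling directory is accepted.
    """
    base = os.path.abspath(base_dir)
    return os.path.commonprefix([os.path.abspath(candidate), base]) == base


def load_schema_unsafe(schema_arg):
    """The pattern flagged at fc.py:100: the argument is used as a path directly."""
    with open(schema_arg) as fh:
        return json.load(fh)


def load_schema(schema_dir, schema_arg):
    """Hardened form: the argument may only name a file inside schema_dir."""
    with open(confine_path(schema_dir, schema_arg)) as fh:
        return json.load(fh)


def demo():
    """Exercise both forms against constructed inputs in a temporary tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        schemas = root / "schemas"            # the base directory fixed in code
        schemas.mkdir()
        (schemas / "extract.json").write_text('{"title": "string"}')
        (root / "secret.json").write_text('{"secret": true}')  # outside the base
        results = {
            "plain": is_confined(schemas, "extract.json"),
            "dotdot": is_confined(schemas, "../secret.json"),
            "absolute": is_confined(schemas, str(root / "secret.json")),
            "new_subdir": is_confined(schemas, "nested/new.json"),  # write target
            "loaded": load_schema(schemas, "extract.json"),
            # The unhardened loader happily follows the traversal.
            "unsafe_read": load_schema_unsafe(str(schemas / ".." / "secret.json")),
        }
        link = schemas / "link.json"
        try:
            link.symlink_to(root / "secret.json")
            results["symlink"] = is_confined(schemas, "link.json")
        except OSError:
            results["symlink"] = None  # platform without symlink support
        return results


if __name__ == "__main__":
    print(demo())
    print("naive prefix check accepts /out_evil:",
          naive_commonprefix_allows("/out", "/out_evil/shot.png"))
```

The same `confine_path` call covers the write at fc.py:70 and the `mkdir()` at fc.py:170: resolve the caller-supplied name against a base directory fixed in code, and only then hand the result to `urlretrieve()`, `open()` or `Path.mkdir()`. Because `resolve()` follows symlinks, a link planted inside the base that points outside it is rejected too, which a plain `..` filter would miss.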
Full report: https://skillshield.io/report/b0bc7d552c1ede7c