This skill grants broad Bash execution permissions, enabling arbitrary command
Claims to do
firecrawl interact: Interact with scraped pages in a live browser session. Scrape a page first, then use natural language prompts or code to click, fill forms, navigate, and extract data.
Actually does
This skill executes `firecrawl interact` commands via Bash or `npx firecrawl interact`. It enables interaction with a live browser session of a previously scraped webpage, allowing users to click elements, fill forms, navigate, and extract data using natural language prompts or code. It can also manage browser state like cookies and local storage across sessions using profiles.
The `allowed-tools` setting grants broad `Bash` execution permissions for any command starting with `firecrawl` or `npx firecrawl`. This allows for arbitrary command injection, enabling execution of any shell command, leading to data exfiltration, resource abuse, and potential full system compromise of the host environment.
allowed-tools:
  - Bash(firecrawl *)
  - Bash(npx firecrawl *)
The `--profile` feature persists sensitive browser state, including cookies and localStorage, which may contain authentication tokens. With arbitrary command execution, an attacker could locate and exfiltrate these stored credentials.
Use --profile on the scrape to persist browser state (cookies, localStorage) across scrapes:
The skill's description emphasizes benign web interaction use cases, potentially downplaying to human overseers the significant security implications of the underlying broad Bash execution permissions.
description: |
  Control and interact with a live browser session... Use when the user needs to interact with a webpage beyond simple scraping: logging into a site, submitting forms...