firecrawl/firecrawl-mcp-server
Minor capabilities, nothing alarming.
AI review
This Firecrawl MCP server extension appears to be a legitimate web scraping tool with no evidence of prompt injection, data exfiltration, or deceptive behavior. The main risks are standard for any network-connected service: potential exposure of API keys via environment variables and network calls to external services. The extension's functionality matches its stated purpose of web search and scraping.
- [low] Environment variable access for API keys — The extension reads FIRECRAWL_API_KEY and FIRECRAWL_OAUTH_TOKEN from environment variables, which is expected for a service that needs authentication. This is not inherently malicious but means API keys could be exposed if the environment is compromised.
- [low] Network calls to external services — The extension makes network requests to Firecrawl's API endpoints (fetch calls in src/index.ts and src/monitor.ts). This is expected for a web scraping service but introduces standard network security considerations.
- [low] NPM token exposure in CI/CD — The publish.yml workflow writes an NPM_TOKEN to ~/.npmrc, which is a standard CI/CD practice but could expose the token if the build environment is compromised.
Model: deepseek/deepseek-chat-v3.1
Static findings
- Sensitive credential files · Reads sensitive credential files
  - .github/workflows/publish.yml:34
    run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
- Outbound network · Makes outbound network requests
  - src/index.ts:114
    const response = await fetch(getOAuthIntrospectionEndpoint(), {
  - src/monitor.ts:58
    const response = await fetch(url, {
- Environment variables (config / keys) · Reads environment variables (config / API keys)
  - src/index.ts:52
    normalizeHeader(process.env.FIRECRAWL_OAUTH_TOKEN) ??
  - src/legacy/index.md:921
    const FIRECRAWL_API_URL = process.env.FIRECRAWL_API_URL;
  - src/monitor.ts:29
    const apiKey = session?.firecrawlApiKey ?? process.env.FIRECRAWL_API_KEY;
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.