firecrawl/firecrawl-mcp-server
Minor capabilities, nothing alarming.
AI review
This Firecrawl MCP server extension appears legitimate and focused on its stated purpose of web scraping/search functionality. The code accesses expected environment variables for API configuration and makes network calls to Firecrawl services, which aligns with its web scraping functionality. No evidence of prompt injection, credential exfiltration, or deceptive tool descriptions was found in the provided documentation.
- low: Environment variable access for API configuration — The extension reads FIRECRAWL_API_KEY, FIRECRAWL_OAUTH_TOKEN, and other configuration environment variables as expected for a web scraping service client. This is legitimate configuration access.
- low: Network calls to Firecrawl services — The extension makes fetch calls to Firecrawl API endpoints and OAuth introspection endpoints. These are expected network operations for a web scraping service integration.
- low: NPM token in CI/CD workflow — The publish.yml workflow contains an NPM_TOKEN reference, which is standard for package publishing automation and not a runtime security concern.
Model: deepseek/deepseek-chat-v3.1
Static findings
Sensitive credential files · Reads sensitive credential files
- .github/workflows/publish.yml:34
  run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
Outbound network · Makes outbound network requests
- src/index.ts:114
  const response = await fetch(getOAuthIntrospectionEndpoint(), {
- src/monitor.ts:58
  const response = await fetch(url, {
Environment variables (config / keys) · Reads environment variables (config / API keys)
- src/index.ts:52
  normalizeHeader(process.env.FIRECRAWL_OAUTH_TOKEN) ??
- src/legacy/index.md:921
  const FIRECRAWL_API_URL = process.env.FIRECRAWL_API_URL;
- src/monitor.ts:29
  const apiKey = session?.firecrawlApiKey ?? process.env.FIRECRAWL_API_KEY;
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.