firecrawl/firecrawl-mcp-server
Minor capabilities, nothing alarming.
AI review
This Firecrawl MCP server extension appears legitimate and focused on web scraping functionality. The code accesses network resources and environment variables as expected for its purpose, with no evidence of hidden instructions, data exfiltration, or deceptive behavior. The main security consideration is that it processes user-provided URLs which could potentially be used for SSRF attacks, but this is inherent to the tool's stated purpose.
- low Expected network and environment access — The extension accesses network resources (axios, fetch calls) and environment variables (FIRECRAWL_API_KEY, FIRECRAWL_OAUTH_TOKEN) as required for its web scraping functionality. This matches the extension's stated purpose and doesn't represent hidden behavior.
- low No evidence of prompt injection or hidden instructions — The provided documentation and changelog show normal version updates and feature improvements. No hidden instructions, prompt injection attempts, or deceptive tool descriptions were found in the manifest text.
- medium SSRF risk inherent to web scraping tools — As a web scraping tool, this extension will fetch user-provided URLs, which could potentially be used for Server-Side Request Forgery (SSRF) attacks if the agent is manipulated to access internal resources. However, this risk is inherent to the tool's purpose and not a hidden vulnerability.
- low Proper authentication handling — The changelog indicates fixes for authentication handling in stdio transport, showing attention to security implementation details rather than attempts to bypass security.
Model: deepseek/deepseek-chat-v3.1
Static findings
Sensitive credential files · Reads sensitive credential files
  .github/workflows/publish.yml:34
    run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
Outbound network · Makes outbound network requests
  src/index.ts:114
    const response = await fetch(getOAuthIntrospectionEndpoint(), {
  src/monitor.ts:58
    const response = await fetch(url, {
Environment variables (config / keys) · Reads environment variables (config / API keys)
  src/index.ts:52
    normalizeHeader(process.env.FIRECRAWL_OAUTH_TOKEN) ??
  src/legacy/index.md:921
    const FIRECRAWL_API_URL = process.env.FIRECRAWL_API_URL;
  src/monitor.ts:29
    const apiKey = session?.firecrawlApiKey ?? process.env.FIRECRAWL_API_KEY;
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.