Trusted — Risk Score 5/100
Last scan: 17 hr ago
init-kb
Initialize or update a knowledge base for a project, business, or client. Scrapes websites and social profiles via Firecrawl API and generates 9 structured KB files.
This is a pure documentation skill with no executable code. It uses documented curl commands to call the legitimate Firecrawl API for web scraping, and generates markdown knowledge base files.
Skill Name: init-kb
Duration: 29.9s
Engine: pi
Safe to install
No action needed. The skill is safe to use.

Findings: 1 item

| Severity | Finding | Location |
|---|---|---|
| Low | API key stored in plain text file (Sensitive Access) | SKILL.md:84 |

The skill stores the user-provided Firecrawl API key in .firecrawl/api-key.txt as plain text. This is documented and user-controlled, but file permissions should be set appropriately.
If the user provides a key, save it to `.firecrawl/api-key.txt`
→ Ensure .firecrawl directory has appropriate access controls. Consider using environment variables as the primary method.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | SKILL.md creates KNOWLEDGE BASE/ and .firecrawl/ directories |
| Network | READ | READ | ✓ Aligned | SKILL.md documents curl calls to api.firecrawl.dev |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md uses curl for API calls |
| Environment | READ | READ | ✓ Aligned | SKILL.md reads FIRECRAWL_API_KEY env var |
| Skill Invoke | NONE | NONE | | No skill chaining |
| Clipboard | NONE | NONE | | Not used |
| Browser | NONE | NONE | | Not used |
| Database | NONE | NONE | | Not used |

6 findings

| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://firecrawl.link/operator | SKILL.md:89 |
| Medium | External URL | https://api.firecrawl.dev/v1/map | SKILL.md:149 |
| Medium | External URL | https://api.firecrawl.dev/v1/crawl | SKILL.md:163 |
| Medium | External URL | https://api.firecrawl.dev/v1/crawl/ | SKILL.md:172 |
| Medium | External URL | https://api.firecrawl.dev/v1/scrape | SKILL.md:187 |
| Medium | External URL | https://api.firecrawl.dev/v1/ | SKILL.md:598 |

File Tree

3 files · 36.1 KB · 879 lines
Markdown 2f · 874L JSON 1f · 5L
├─ 📋 _meta.json JSON 5L · 126 B
├─ 📝 SKILL.md Markdown 674L · 27.2 KB
└─ 📝 WALKTHROUGH.md Markdown 200L · 8.8 KB

Security Positives

✓ No executable scripts - skill is pure documentation
✓ All network activity is to documented legitimate Firecrawl API endpoints
✓ Uses standard curl commands without obfuscation
✓ API key is user-provided and stored locally under user control
✓ No access to sensitive system paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ Comprehensive documentation of all functionality
✓ No hidden or undeclared behavior detected