扫描报告
5 /100
init-kb
Initialize or update a knowledge base for a project, business, or client. Scrapes websites and social profiles via Firecrawl API and generates 9 structured KB files.
This is a pure documentation skill with no executable code. It uses documented curl commands to call the legitimate Firecrawl API for web scraping, and generates markdown knowledge base files.
可以安装
No action needed. The skill is safe to use.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | API key stored in plain text file 敏感访问 | SKILL.md:84 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | WRITE | ✓ 一致 | SKILL.md creates KNOWLEDGE BASE/ and .firecrawl/ directories |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md documents curl calls to api.firecrawl.dev |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md uses curl for API calls |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md reads FIRECRAWL_API_KEY env var |
| 技能调用 | NONE | NONE | — | No skill chaining |
| 剪贴板 | NONE | NONE | — | Not used |
| 浏览器 | NONE | NONE | — | Not used |
| 数据库 | NONE | NONE | — | Not used |
6 项发现
中危 外部 URL 外部 URL
https://firecrawl.link/operator SKILL.md:89 中危 外部 URL 外部 URL
https://api.firecrawl.dev/v1/map SKILL.md:149 中危 外部 URL 外部 URL
https://api.firecrawl.dev/v1/crawl SKILL.md:163 中危 外部 URL 外部 URL
https://api.firecrawl.dev/v1/crawl/ SKILL.md:172 中危 外部 URL 外部 URL
https://api.firecrawl.dev/v1/scrape SKILL.md:187 中危 外部 URL 外部 URL
https://api.firecrawl.dev/v1/ SKILL.md:598 目录结构
3 文件 · 36.1 KB · 879 行 Markdown 2f · 874L
JSON 1f · 5L
├─
_meta.json
JSON
├─
SKILL.md
Markdown
└─
WALKTHROUGH.md
Markdown
安全亮点
✓ No executable scripts - skill is pure documentation
✓ All network activity is to documented legitimate Firecrawl API endpoints
✓ Uses standard curl commands without obfuscation
✓ API key is user-provided and stored locally under user control
✓ No access to sensitive system paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ Comprehensive documentation of all functionality
✓ No hidden or undeclared behavior detected