CAPFRAME

firecrawl_search_feedback

on npm:firecrawl-mcp@3.20.2

Severity

  critical: 0
  high: 0
  medium: 3
  low: 0
  info: 0

3 findings on this tool

  1. medium · unconstrained input · f-r1-firecrawl_search_feedback

    Tool `firecrawl_search_feedback` accepts unconstrained string input

    The following string parameter(s) have no `maxLength` constraint: `rating`, `searchId`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

    OWASP LLM01 · NIST MEASURE-2.3 · ATLAS T0051

  2. medium · excessive agency · f-r5-firecrawl_search_feedback

    Tool `firecrawl_search_feedback` description mentions money but no `money` side-effect is declared

    Description: "Send structured feedback on a previous `firecrawl_search` result. **Call this immediately after a search where you used the results** so we can improve search quality and refund 1 credit (search costs 2). Pass the `searchId` returned by `firecrawl_search` (the `id` field on the response) and tell us:

    - **rating** — overall result quality: `good`, `partial`, or `bad`.
    - **valuableSources** — which result URLs were actually useful, and a short reason why.
    - **missingContent** — **the most important field.** An ARRAY of specific pieces of content you expected to find but didn't. One entry per missing piece, each with a short `topic` and an optional longer `description`. Examples: `{"topic":"enterprise pricing","description":"no pricing tier table for the Enterprise plan was returned"}`, `{"topic":"API rate limits"}`, `{"topic":"comparison vs competitors"}`. **Be specific** — these aggregate across teams and tell us what to index next. Do not pack multiple topics into one entry.
    - **querySuggestions** — how the query or response shape could be improved (e.g. "would have liked official docs first", "should boost github.com").

    **Substantive-feedback requirement** (zero-effort feedback is rejected with HTTP 400):

    - `good` — must include at least one `valuableSources` entry
    - `partial` — must include `valuableSources` or at least one `missingContent` entry
    - `bad` — must include at least one `missingContent` entry or `querySuggestions`

    **Time window:** Feedback must be submitted within ~2 minutes of the search. Beyond that, the call returns HTTP 409 with `feedbackErrorCode: "FEEDBACK_WINDOW_EXPIRED"` — do not retry, just move on. Same goes for any 4xx response: do not retry-loop.

    **Behaviors:**

    - Idempotent per `searchId`. Re-submitting for the same id returns `alreadySubmitted: true` with `creditsRefunded: 0`.
    - Refund only applies to billable searches; preview teams are blocked.
    - Failed searches cannot receive feedback (the search itself already returned an error you can act on).
    - **Daily refund cap (per team, per UTC day, default 100 credits).** Once a team's `creditsRefundedToday` reaches `dailyRefundCap`, the response returns `dailyCapReached: true` with `creditsRefunded: 0`. The feedback is still recorded for search-quality improvement — only the credit refund is gated. **Stop calling this tool for the rest of the UTC day** when you see `dailyCapReached: true`.

    **When to call:** Right after processing a search result. If the result didn't help, send rating `bad` with a clear `missingContent` — that is just as valuable as a `good` rating.

    **Usage Example (good rating with valuable sources + missing content):**

    ```json
    {
      "name": "firecrawl_search_feedback",
      "arguments": {
        "searchId": "0193f6c5-1234-7890-abcd-1234567890ab",
        "rating": "good",
        "valuableSources": [
          { "url": "https://docs.firecrawl.dev/features/search", "reason": "Most up-to-date description of /search." }
        ],
        "missingContent": [
          { "topic": "Pricing for the search endpoint", "description": "No pricing tier table for /search specifically." },
          { "topic": "Rate limits", "description": "Per-team RPS for /search not documented." }
        ],
        "querySuggestions": "Boost docs.firecrawl.dev for queries that mention 'firecrawl'"
      }
    }
    ```

    **Usage Example (bad rating, what was missing):**

    ```json
    {
      "name": "firecrawl_search_feedback",
      "arguments": {
        "searchId": "0193f6c5-1234-7890-abcd-1234567890ab",
        "rating": "bad",
        "missingContent": [
          { "topic": "Recent benchmarks", "description": "All results were >12 months old." },
          { "topic": "Comparison vs Algolia" }
        ]
      }
    }
    ```

    **Returns:** `{ success, feedbackId, creditsRefunded, creditsRefundedToday, dailyRefundCap, dailyCapReached?, alreadySubmitted?, warning? }` JSON."

    -- this references money/payment/refund/etc., but the declared side_effects ([]) don't include `money`. A capframe-bind policy that relies on declared side_effects to scope spend caveats will under-scope this tool.

    fix: Add `money` to the tool's `side_effects` declaration, or rewrite the description to clarify that no actual money moves.

    OWASP LLM08 · NIST MEASURE-2.6 · ATLAS T0040

  3. medium · indirect injection · f-r6-firecrawl_search_feedback

    Tool `firecrawl_search_feedback` fetches external web content -- indirect-injection surface

    Description: (same tool description as quoted in finding 2) -- this tool pulls externally-controlled content into the agent's context window, the canonical indirect-injection vector. Even when the user supplies the URL, content at that URL can carry hostile instructions.

    fix: Sandbox the fetched content: strip prompts before forwarding to the model, constrain to an allow-list of domains, and route through capframe-guard with a `domain in [...]` caveat.

    OWASP LLM01 · NIST MEASURE-2.3 · ATLAS T0051

About this tool

firecrawl_search_feedback is one of 20 tools exposed by Firecrawl MCP. The server scored 0/100 overall against the capframe rule engine (source: sandbox). Last scanned 2026-06-05.

The findings above are emitted by the public capframe.findings.v1 schema.