Official (Vendor)Active· 10d★ 4.3by Firecrawl

Firecrawl

Firecrawl's MCP for high-quality web scraping. Returns clean markdown, handles JS-rendered sites, batch crawling.

View repo Homepage

Safety & Trust

Delv Safety Grade: B

Score 73/100 · assessed 2026-04-28

Maintainer75

Permissions85

Supply chain70

Transparency75

Incidents100

Firecrawl is a commercial web scraping service from Mendable with an official MCP server. The maintainer is a legitimate startup with a real product, but it's not a major tech vendor. The permissions model is reasonably scoped: it makes outbound network requests to Firecrawl's API (requiring an API key) and returns markdown content, but doesn't touch your filesystem or execute code locally. The main trust consideration is that you're routing all scraping through Firecrawl's infrastructure, so they see every URL you scrape. Supply chain is standard npm package distribution but not as battle-tested as major vendor offerings. Transparency is decent with open source code and documentation, though the core scraping happens server-side in their proprietary infrastructure. No known security incidents. Suitable for non-sensitive scraping workflows where you're comfortable with a third-party service handling the content.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE

Private dataNo

Reads secrets, credentials, private files

Untrusted inputYes

Ingests web pages, PRs, issues, emails

External commsYes

Can send data outbound

Loads arbitrary URLs and renders them. Highest-quality untrusted-input vector after Puppeteer.

Green flags

Official vendor-maintained MCP server, not community fork
Scoped to read-only web scraping, no filesystem or shell access
Open source MCP wrapper code available for inspection
Standard npm package distribution with versioning
No known security incidents or credential leaks

Red flags

All scraped content passes through Firecrawl's commercial infrastructure
API key required exposes your scraping activity to third-party service
Smaller vendor with less security track record than major platforms
Core scraping logic is proprietary server-side, not in open MCP code

Permissions requested

Outbound networkAccess secretsExternal LLM call

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Review

Firecrawl is Mendable's official MCP server that turns messy web pages into clean markdown. It's built for scraping sites that rely heavily on JavaScript rendering, which is where most headless scrapers fall over. You point it at a URL, it returns structured content you can actually work with. I've used this for pulling documentation from sites that render everything client-side. The markdown output is genuinely clean - no stray navigation fragments or footer noise. It handles single-page scrapes and batch crawls through an entire domain, which is useful when you're building a knowledge base from scattered docs. The batch mode respects rate limits and doesn't hammer servers, which matters if you're scraping anything remotely production. The main quirk is that it's API-dependent. You need a Firecrawl API key, which means you're paying per scrape beyond the free tier. For one-off tasks, that's fine. For high-volume scraping, the costs add up quickly. The MCP itself is thin - it's mostly a wrapper around Firecrawl's existing API, so you're trusting their infrastructure for uptime and quality. Where this earns its place is in agent workflows that need to pull live web content without writing custom Puppeteer scripts. I'd reach for it when Claude needs to scrape a competitor's pricing page, pull changelogs from a vendor site, or index a blog for Q&A. It's faster than asking Claude to browse manually and more reliable than generic web search tools. Who shouldn't bother: if you're scraping static HTML or already have a scraping pipeline, this adds little. If you need pixel-perfect screenshots or complex browser automation, look elsewhere. This is for developers who want markdown from modern web pages without fighting rendering engines.

Verdict

Install this if you regularly need Claude to scrape JavaScript-heavy sites and want clean markdown without writing your own scraper. Skip it if you're only hitting static pages or if API costs for high-volume scraping don't make sense for your use case. It's a solid, focused tool that does one thing well.

Good at

Handles JavaScript-rendered sites reliably, which most basic scrapers can't.
Returns genuinely clean markdown without navigation clutter or layout fragments.
Batch crawling mode respects rate limits and doesn't hammer servers.
Official vendor support means it's maintained alongside Firecrawl's core product.
Works across multiple hosts - Claude Desktop, Cursor, Windsurf, Cline, Zed.

Watch out

Requires a Firecrawl API key and costs scale with usage beyond the free tier.
It's a thin wrapper around an external API, so you're dependent on Firecrawl's uptime.
No offline mode or local scraping - everything goes through their infrastructure.
Overkill if you're only scraping static HTML pages.

Getting started

1. Sign up at firecrawl.dev and grab your API key from the dashboard. 2. Install via npm with `npm install -g firecrawl-mcp` or add it to your Claude Desktop config manually. 3. Add the server to your MCP config with `FIRECRAWL_API_KEY` in the environment variables section. 4. Restart your host (Claude Desktop, Cursor, etc.) and verify by asking Claude to scrape a URL and return markdown. 5. Watch your API usage - batch crawls can burn through credits quickly if you're not careful with scope.

Works with

Claude DesktopClaude CodeCursorWindsurfClineZed