We can’t recommend to or be liable for any damage made to your site in result of scan. However, the risk for damage is different depending on the type of application that you have. Below you can find some use cases and the risk involved for each:
For administrative back offices, where you can manage users or the content of your site, you should definitely not run Probe.ly against the production environment. Doing so would potentially result in users being deleted, content added to your site, etc. Probe.ly blacklists URLs and buttons such as “Delete”, but the risk for doing something harmful is still significant.
For web apps where the user can insert content that can be viewed by other users, we also don’t recommend you to run Probe.ly against your production environment. Doing so would result in random content (attack payloads) added to your site that other users can see.
For web apps where users/organizations don’t interact to each other, and all actions are performed within the user’s or the organization’s scope, usually the risk for damage is low or very low. As an example, if your web app is a CRM and your organization has several users, all the data added/changed by those users can only be seen by users from the same organization. If you create a testing organization and a testing user to be used by Probe.ly, the risk for damage is very low.