
Audit history

sitemapkit - 2 audits

Audit version 2

Latest: Medium risk

Jun 27, 2026, 11:22 AM

Static analysis reported command-execution, weak-crypto, filesystem, network, and credential patterns. Review found the command-execution and weak-crypto alerts to be false positives from Markdown backticks, TypeScript template literals, and documentation text, while the network access and the SITEMAPKIT_API_KEY usage are intentional for the SitemapKit API. The skill is publishable with a warning because user-supplied URLs and an API key are sent to a third-party service.

Scanned files: 5
Analyzed lines: 436
Review items: 7
False positives ignored: 0

Confirmed security concerns (2)

Medium
Remote crawling delegated to external service
Tool calls accept user-provided url values and forward them to the SitemapKit API for discovery or extraction. This reveals the target domains or sitemap URLs to the service and consumes the user's quota there.
The tool handlers forward request arguments to callApi for the discover, extract, and full-crawl operations. The behavior matches the skill's purpose, but users should understand the privacy and quota impact.
Low
Documentation references hidden MCP configuration files
README.md mentions user configuration paths such as .cursor/mcp.json and ~/.codeium/windsurf/mcp_config.json. These are setup instructions, not code that reads or writes hidden files.
The only hidden-file references are documentation lines telling users where to configure their MCP clients. No implementation code accesses those paths.
Capability review items (3)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Medium
Third-party API receives user URLs and API key
The MCP server reads SITEMAPKIT_API_KEY from the environment and sends it together with the user-provided sitemap or domain URLs to https://app.sitemapkit.com. This is expected for the service, but it exposes browsing targets and the credential to a third-party API and should be disclosed to users.
The code reads SITEMAPKIT_API_KEY directly and sends it in the x-api-key header on fetch calls to the SitemapKit API. This is required for the skill to function, so the concern is disclosure and user consent, not confirmed malicious behavior.
Low
Static command-execution alerts are Markdown and string-formatting false positives
The backtick detections in README.md and SKILL.md are inline code formatting, and the detections in src/index.ts are template literals used to format API responses and error messages. No shell-execution API or dynamic command invocation was found.
Manual review found only Markdown code spans, JSON examples, and TypeScript string interpolation. There is no child_process, eval, Function constructor, or shell invocation in the inspected files.
Low
Weak-crypto alerts are false positives
The reported weak-cryptography locations contain no cryptographic code. They appear to be substring matches on ordinary text such as "Markdown", "MCP", "sitemap", or example strings.
The reviewed files contain no MD5, SHA1, DES, RC4, or crypto module usage at the cited locations. The alerts are consistent with substring matches in non-crypto documentation and descriptions.

Detected patterns

Authenticated outbound fetch to fixed API endpoint
Reviewed by: codex

Audit version 1

Low risk

Mar 25, 2026, 02:04 PM

This skill is a legitimate MCP server for SitemapKit that discovers and extracts sitemaps from websites. After evaluating 334 static findings, all high-severity flags were found to be false positives. The skill makes standard API calls to the sitemapkit.com service, with the API key supplied via an environment variable. No malicious code execution or data exfiltration patterns were found.

Scanned files: 7
Analyzed lines: 2,164
Review items: 7
False positives ignored: 0

Confirmed security concerns (4)

Medium
External API Dependency
The skill relies on the external sitemapkit.com API service. Users should verify service availability and terms of service.
API_BASE is hardcoded to sitemapkit.com, a legitimate third-party service dependency.
Low
Static Scanner False Positives - External Commands
The static analyzer flagged backtick syntax in Markdown files as shell execution. These are documentation code blocks, not executable code.
The Markdown files contain usage examples with backtick formatting. The source code uses the fetch() API, not shell commands.
Low
Static Scanner False Positives - Cryptographic Warnings
The static analyzer flagged weak crypto (md5/sha1) and high-entropy strings in package-lock.json. These are standard npm package hashes.
package-lock.json contains standard npm registry URLs and dependency integrity hashes that look random.
Low
Static Scanner False Positives - C2 Keywords
The static analyzer flagged C2 keywords in package-lock.json. These are legitimate npm package names that coincidentally match keyword patterns.
npm package names in the lock file match security scanner patterns; they are legitimate dependencies.
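The triage that both reviews describe (version 2's command-execution and weak-crypto items, and this version's scanner false-positive items), as an added example that is not part of either audit or of the sitemapkit project. It re-checks a scanner hit by asking whether the line actually calls an execution or hashing API; backticks in Markdown, TypeScript template literals, lock-file integrity fields and plain substring matches go into their own buckets. The sample hits are constructed to resemble README.md, src/index.ts and package-lock.json content, and the two lines under src/not-in-skill.ts are deliberately bad lines the skill does not contain, included only to show what a confirmed hit looks like. The regexes are a first-pass heuristic, not a parser.

```typescript
// Added example, not code from the audits or the sitemapkit project.
// Classifies static-analysis hits the way a manual review does: only a line
// that really calls an execution or weak-hash API counts as a real sink.

type Rule = "command-execution" | "weak-crypto";
type Verdict =
  | "real-sink"
  | "markdown-code-span"
  | "template-literal"
  | "lockfile-integrity"
  | "text-match";

interface Hit { file: string; line: number; text: string; rule: Rule; }

// Real execution sinks: child_process import or its call sites, eval, Function.
const EXEC_SINKS =
  /require\(\s*['"](?:node:)?child_process['"]\s*\)|from\s+['"](?:node:)?child_process['"]|\b(?:execSync|execFileSync|spawnSync|execFile|exec|spawn|eval)\s*\(|new\s+Function\s*\(/;

// Real weak-crypto use: createHash with md5/sha1, or a DES/RC4 cipher.
const CRYPTO_SINKS =
  /createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\)|createCipheriv\s*\(\s*['"](?:des|des-ede3|rc4)[^'"]*['"]/i;

const TEMPLATE_LITERAL = /`[^`]*\$\{[^}]*\}[^`]*`/;
const CODE_SPAN = /`[^`]+`/;

function classify(hit: Hit): Verdict {
  const file = hit.file.toLowerCase();
  // Documentation is never executed; a backtick there is formatting.
  if (file.endsWith(".md")) {
    return CODE_SPAN.test(hit.text) ? "markdown-code-span" : "text-match";
  }
  // Lock-file integrity fields carry hashes but perform no hashing.
  if (file.endsWith("package-lock.json") && /"(?:integrity|resolved)"\s*:/.test(hit.text)) {
    return "lockfile-integrity";
  }
  const sink = hit.rule === "command-execution" ? EXEC_SINKS : CRYPTO_SINKS;
  if (sink.test(hit.text)) return "real-sink";
  if (hit.rule === "command-execution" && TEMPLATE_LITERAL.test(hit.text)) {
    return "template-literal";
  }
  return "text-match";
}

function summarize(hits: Hit[]): Record<Verdict, number> {
  const counts: Record<Verdict, number> = {
    "real-sink": 0, "markdown-code-span": 0, "template-literal": 0,
    "lockfile-integrity": 0, "text-match": 0,
  };
  for (const h of hits) counts[classify(h)] += 1;
  return counts;
}

// Constructed sample hits: file names follow the audit, line numbers and text are made up.
const SAMPLE_HITS: Hit[] = [
  { file: "README.md", line: 12, rule: "command-execution",
    text: "Run `npx sitemapkit-mcp` after setting `SITEMAPKIT_API_KEY`." },
  { file: "src/index.ts", line: 88, rule: "command-execution",
    text: 'return `Discovered ${sitemaps.length} sitemaps for ${url}`;' },
  { file: "src/index.ts", line: 30, rule: "weak-crypto",
    text: "description: 'Discover sitemaps via the SitemapKit MCP server'," },
  { file: "package-lock.json", line: 410, rule: "weak-crypto",
    text: '"integrity": "sha1-0000000000000000000000000000",' },
  // The next two lines are NOT in the skill; they show what a confirmed hit looks like.
  { file: "src/not-in-skill.ts", line: 1, rule: "command-execution",
    text: "const out = execSync(`curl ${url}`);" },
  { file: "src/not-in-skill.ts", line: 2, rule: "weak-crypto",
    text: "const digest = createHash('md5').update(body).digest('hex');" },
];

console.log(summarize(SAMPLE_HITS));
```

Run over the sample, the first four hits land in the documentation, template-literal, text-match and lock-file buckets, matching the verdicts in both audits, and only the two constructed lines are reported as real sinks. A Markdown line is never promoted to a real sink even if it quotes `exec(`, because documentation does not execute; anything that does land in real-sink still needs a human to confirm it is reachable.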
Capability review items (1)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Low
Environment Variable API Key
The API key is read from the SITEMAPKIT_API_KEY environment variable, which is standard secure practice.
API key access is handled via an environment variable, not hardcoded.
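The credential flow described in version 2's "Third-party API receives user URLs and API key" item and in this version's environment-variable item, as an added example that is not the sitemapkit project's own code. It shows a callApi wrapper with the three checks a reviewer would want around that flow: the key comes only from the environment, the user-supplied url is validated and sent only inside the request body (never used as the fetch destination, so the x-api-key header cannot be steered to another host), and error text returned to the model contains no key material. API_BASE, the SITEMAPKIT_API_KEY variable and the x-api-key header come from the audit text; the endpoint path /api/discover, the POST/JSON request shape and the response body are assumptions for illustration, and the fake transport lets it run offline.

```typescript
// Added example, not code from the sitemapkit project or the audits.
// Shows the environment-key and user-URL flow the audits describe, with the
// checks a reviewer would look for. Endpoint path and request/response shape
// are assumptions; API_BASE and the header name come from the audit text.

const API_BASE = "https://app.sitemapkit.com"; // fixed endpoint from the audit

type Env = Record<string, string | undefined>;

interface ApiRequest { method: string; headers: Record<string, string>; body: string; }
interface ApiResponse { ok: boolean; status: number; text(): Promise<string>; }

// Minimal transport interface so the example runs offline with a fake;
// the real server would pass the global fetch here.
type FetchLike = (url: string, init: ApiRequest) => Promise<ApiResponse>;

// Check 1: the key is read from the environment only, never from tool
// arguments, so a caller of the MCP tool can neither supply nor read it.
function readApiKey(env: Env): string {
  const key = env.SITEMAPKIT_API_KEY;
  if (!key || key.trim() === "") throw new Error("SITEMAPKIT_API_KEY is not set");
  return key;
}

// Check 2: the user-supplied url is payload sent to the API, never the request
// target. Require an absolute http(s) URL without embedded credentials so the
// service receives a well-formed crawl target and nothing else rides along.
function validateTargetUrl(raw: string): string {
  let parsed: URL | null = null;
  try {
    parsed = new URL(raw);
  } catch (e) {
    parsed = null;
  }
  if (parsed === null) throw new Error("url must be an absolute URL");
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    throw new Error("url must use http or https");
  }
  if (parsed.username !== "" || parsed.password !== "") {
    throw new Error("url must not embed credentials");
  }
  return parsed.toString();
}

// Forward one tool call to the SitemapKit API. The destination is always
// API_BASE + path; args.url only ever appears inside the JSON body, so the
// x-api-key header cannot be sent to a host the user chose.
async function callApi(path: string, args: { url: string }, env: Env, fetchImpl: FetchLike): Promise<unknown> {
  const key = readApiKey(env);
  const target = validateTargetUrl(args.url);
  const res = await fetchImpl(API_BASE + path, {
    method: "POST",
    headers: { "content-type": "application/json", "x-api-key": key },
    body: JSON.stringify({ url: target }),
  });
  if (!res.ok) {
    // Check 3: error text flows back to the model and user; keep the key out of it.
    throw new Error("SitemapKit API returned HTTP " + res.status + " for " + path);
  }
  return JSON.parse(await res.text());
}

// Offline demo with a fake transport that records exactly what would leave
// the machine. The key value and the response body are constructed, not real.
interface Recorded { url: string; headers: Record<string, string>; body: string; result: unknown; }

async function demo(): Promise<Recorded> {
  let sentUrl = "";
  let sentInit: ApiRequest | null = null;
  const fakeFetch: FetchLike = async (url, init) => {
    sentUrl = url;
    sentInit = init;
    return {
      ok: true,
      status: 200,
      text: async () => JSON.stringify({ sitemaps: ["https://example.com/sitemap.xml"] }),
    };
  };
  const env: Env = { SITEMAPKIT_API_KEY: "test-key-not-real" }; // constructed value
  const result = await callApi("/api/discover", { url: "https://example.com" }, env, fakeFetch);
  const init = sentInit as ApiRequest | null;
  if (init === null) throw new Error("transport was not called");
  return { url: sentUrl, headers: init.headers, body: init.body, result };
}

demo().then((r) => console.log(r.url, r.body));
```

The recorded request goes to https://app.sitemapkit.com/api/discover with the key in the x-api-key header and the normalized user URL only in the body, which is the disclosure both audits ask users to be aware of: the target domain and the credential leave the machine together, by design, but never to a destination the tool caller controls.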

Risk factors

🌐 Network access (1)
🔑 Environment variables (1)
Reviewed by: claude