Audit history
sitemapkit - 2 audits
Audit version 2
Latest - Medium risk - Jun 27, 2026, 11:22 AM
Static analysis reported command execution, weak crypto, filesystem, network, and credential patterns. Review found the command and weak-crypto alerts are false positives from Markdown backticks, TypeScript template strings, and documentation text, while network access and SITEMAPKIT_API_KEY usage are intentional for the SitemapKit API. The skill is publishable with a warning because user-supplied URLs and an API key are sent to a third-party service.
Confirmed security concerns (2)
Capability review items (3)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Risk factors
🌐 Network access (5)
🔑 Environment variables (5)
Detected patterns
Audit version 1
Low risk - Mar 25, 2026, 02:04 PM
This skill is a legitimate MCP server for SitemapKit that discovers and extracts sitemaps from websites. After evaluating 334 static findings, all high-severity flags are false positives. The skill uses standard API calls to sitemapkit.com service with proper API key handling via environment variables. No malicious code execution or data exfiltration patterns were found.
Confirmed security concerns (4)
Capability review items (1)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.