Skill: sitemapkit - Audit History

Audit History

sitemapkit - 2 audits

Audit version 2

Latest - Medium risk

Jun 27, 2026, 11:22 AM

Static analysis reported command execution, weak crypto, filesystem, network, and credential patterns. Review found the command and weak-crypto alerts are false positives from Markdown backticks, TypeScript template strings, and documentation text, while network access and SITEMAPKIT_API_KEY usage are intentional for the SitemapKit API. The skill is publishable with a warning because user-supplied URLs and an API key are sent to a third-party service.

Files scanned: 5
Lines analyzed: 436
Findings: 7
Auditor: codex

Medium-risk issues (2)
Third-party API receives user URLs and API key
The MCP server reads SITEMAPKIT_API_KEY from the environment and sends it with user-provided sitemap or domain URLs to https://app.sitemapkit.com. This is expected for the service, but it exposes browsing targets and credentials to a third-party API and should be disclosed to users.
Remote crawling delegated to external service
Tool calls accept user-provided url values and forward them to the SitemapKit API for discovery or extraction. This can reveal target domains or sitemap URLs and can consume a user quota on the external service.
Low-risk issues (3)
Documentation references hidden MCP configuration files
README.md mentions user configuration paths such as .cursor/mcp.json and ~/.codeium/windsurf/mcp_config.json. These are setup instructions, not code that reads or writes hidden files.
Static command-execution alerts are Markdown and string formatting false positives
The backtick detections in README.md and SKILL.md are inline code formatting, and the detections in src/index.ts are template literals used to format API responses and errors. No shell execution API or dynamic command invocation was found.
Weak-crypto alerts are false positives
The reported weak-cryptography locations do not show cryptographic code. They appear to match ordinary text such as Markdown, MCP, sitemap, or example strings.

Detected patterns

Authenticated outbound fetch to fixed API endpoint

Audit version 1

Low risk

Mar 25, 2026, 02:04 PM

This skill is a legitimate MCP server for SitemapKit that discovers and extracts sitemaps from websites. After evaluating 334 static findings, all high-severity flags are false positives. The skill uses standard API calls to sitemapkit.com service with proper API key handling via environment variables. No malicious code execution or data exfiltration patterns were found.

Files scanned: 7
Lines analyzed: 2,164
Findings: 7
Auditor: claude

Medium-risk issues (1)
External API Dependency
Skill relies on external sitemapkit.com API service. Users should verify service availability and terms of service.
Low-risk issues (4)
Environment Variable API Key
API key is stored in the SITEMAPKIT_API_KEY environment variable, which is standard secure practice.
Static Scanner False Positives - External Commands
Static analyzer flagged backtick syntax in markdown files as shell execution. These are documentation code blocks, not actual code.
Static Scanner False Positives - Cryptographic Warnings
Static analyzer flagged weak crypto (md5/sha1) and high-entropy strings in package-lock.json. These are standard npm package hashes.
Static Scanner False Positives - C2 Keywords
Static analyzer flagged C2 keywords in package-lock.json. These are legitimate npm package names that coincidentally match keyword patterns.

Risk factors

🌐 Network access (1)
🔑 Environment variables (1)