Security Audit
AgriciDaniel/claude-seo:skills/seo-sitemap
github.com/AgriciDaniel/claude-seo
Trust Assessment
AgriciDaniel/claude-seo:skills/seo-sitemap received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential SSRF/Data Exfiltration via URL validation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 22, 2026 (commit 323e105a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential SSRF/Data Exfiltration via URL validation. The skill description indicates that it will validate URLs by checking their HTTP status codes ('All URLs return HTTP 200') and potentially crawl pages ('Compare crawled pages vs sitemap'). If the sitemap content, including URLs, is provided by an untrusted user, this functionality could be exploited for Server-Side Request Forgery (SSRF) or data exfiltration. An attacker could provide malicious URLs pointing to internal network resources or an attacker-controlled server to leak information or bypass network controls. Implement strict URL validation and sanitization for all URLs extracted from user-provided sitemaps. Ensure network requests are sandboxed, restricted to public internet IPs, and do not follow redirects to internal resources. Consider using an allowlist for domains if possible, or at least a denylist for private IP ranges and loopback addresses. | LLM | SKILL.md:15 |