What does Sucuri SiteCheck tell me?

Sucuri SiteCheck is a free remote malware scanner: it fetches your website’s public pages the way a visitor’s browser would and checks them against known threats:

• What it checks — known-malware signatures, defacement patterns, spam injections, and the major blocklists (Google Safe Browsing, McAfee, and others). It also flags outdated CMS versions when they are detectable from outside.
• Its key limitation — is in the word remote — it can only see what is publicly served, so malware in your server’s file system, database, or admin area is invisible to it.
• A blocklist flag — on the other hand, is always urgent: it means search engines are already warning your customers away.

A clean SiteCheck result means “nothing bad is visible from the outside right now”, not “the site is not compromised”.