WordPress to Static Site
Security checks across malware telemetry and agentic risk
Overview
This skill uses powerful website migration access, but its behavior is disclosed, purpose-aligned, and includes safeguards against leaking WordPress secrets.
Install only if you intend to let the agent access the target WordPress server and use your authenticated GitHub and Cloudflare CLIs. Keep the repository private unless you deliberately choose otherwise, preview the generated static site, and verify ./public contains no PHP, wp-config, .env, SQL dumps, or other secrets before approving deployment.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.