v1.0.0

WordPress REST API CLI

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:30 AM.

Analysis

This appears to be a legitimate WordPress REST API CLI, but it gives an agent credentialed ability to create, update, delete, and make raw requests against a WordPress site, so it should be reviewed and constrained before use.

Guidance: Install only if you want an agent to operate a WordPress site through the REST API. Use a dedicated low-privilege WordPress Application Password or JWT, set WP_BASE_URL to an HTTPS site you control, require confirmation before publish/update/delete/raw requests, and avoid using the @file input with sensitive JSON files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
Posts: ... `posts:create`, `posts:update`, `posts:delete` ... Pages: ... `pages:create`, `pages:update`, `pages:delete` ... Advanced: - `request` (raw method + path)

The skill explicitly exposes WordPress content mutation, deletion, and a raw method/path request capability. These are purpose-aligned but high-impact if an agent can invoke them without a separate user confirmation or site-specific limits.

User impact: An agent with WordPress credentials could publish, modify, or delete site content, or use the raw request command to perform broader WordPress REST actions on the configured site.

Recommendation: Use a dedicated low-privilege WordPress account, require explicit confirmation for create/update/delete/raw requests, prefer draft status by default, and keep backups or revision recovery enabled.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: Medium. Status: Note.
_meta.json
"ownerId": "kn7ehv4at8yekzag31spcarxm180bev0", "slug": "wordpress"

The bundled metadata identity differs from the provided registry metadata, which lists a different owner ID and slug. This does not show malicious behavior, but it is a provenance inconsistency.

User impact: Users may have less certainty that the reviewed files correspond cleanly to the registry identity they intended to install.

Recommendation: Verify the publisher and package source before supplying WordPress credentials, especially for production sites.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
scripts/wp-cli.js
const basicToken = process.env.WP_BASIC_TOKEN; ... const appPassword = process.env.WP_APP_PASSWORD; ... const jwt = process.env.WP_JWT_TOKEN;

The CLI reads WordPress credentials from environment variables and uses them for Authorization headers. This is expected for the integration, but those credentials carry the WordPress account's permissions.

User impact: If high-privilege credentials are provided, the agent can act with those WordPress permissions.

Recommendation: Provide only a dedicated bot account with the minimum role needed, rotate application passwords regularly, and do not share these env vars with unrelated skills.