Security audit

WordPress API Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WordPress management skill with sensitive live-write abilities. It is acceptable to use, but only with deliberate approval.

Install only if you intend to let an agent use WordPress or WooCommerce credentials to change site content. Use a dedicated least-privilege application password, prefer drafts and dry-runs, confirm the site URL and post/product IDs before every write, and consider setting WP_REQUIRE_ALLOWLIST=1 and WP_REQUIRE_HTTPS=1 for stricter operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
95% confidence
Finding
The helper intended for SEO metadata also permits writing any non-allowlisted key directly into the WordPress post meta payload unless WP_REQUIRE_ALLOWLIST=1 is set. That broadens the script from a constrained SEO updater into a generic arbitrary postmeta writer, which can modify unrelated plugin/application state and defeats the principle of least privilege for this skill.

Intent-Code Divergence

Medium
86% confidence
Finding
The documentation claims the script only reads/writes Rank Math and Yoast SEO fields, but the implementation can write arbitrary raw postmeta keys. This mismatch is security-relevant because operators or upstream agents may trust the narrower description and invoke the tool in contexts where broader metadata mutation is unsafe.

Missing User Warnings

Medium
89% confidence
Finding
The script performs authenticated write operations to live WordPress content as soon as write-oriented arguments are supplied, with no built-in interactive confirmation, dry-run mode, or explicit safeguard at the point of execution. In the context of an agent skill, this raises the risk of accidental or unintended remote modification of production content if the tool is invoked with the wrong site, post ID, or field payload.

Missing User Warnings

Medium
93% confidence
Finding
The update path performs an immediate write to a live WordPress page once the CLI arguments are supplied, with no built-in confirmation, dry-run, or execution gate. In the context of a content-management skill whose own metadata says live writes require explicit user approval and drafts/dry-runs are preferred, this omission increases the risk of accidental or unauthorized content modification.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.