WordPress
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent WordPress.com integration that uses a Maton API key and OAuth to manage site content, including high-impact write actions that are disclosed and require user approval.
Before installing, make sure you trust Maton with delegated WordPress.com access, keep MATON_API_KEY secret, and require explicit confirmation before publishing, editing, or deleting any site content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill is granting delegated access to WordPress.com resources through Maton.
The skill requires a Maton API key that is used to access the user's connected WordPress.com account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a trusted Maton account, keep the API key private, and revoke unused WordPress.com connections when no longer needed.
Misuse or mistaken use could publish, edit, or delete WordPress.com content.
The skill exposes content-management operations, including create/update/delete capabilities that can change or remove site content.
Use this skill when users want to create, read, update, or delete WordPress.com posts, pages, or manage site content.
Confirm the target site, post/page ID, and intended change before any write or delete action.
WordPress request data and delegated authorization flow through a third-party provider.
WordPress API traffic and OAuth handling are mediated by the Maton service rather than going directly to WordPress.com.
Maton proxies requests to `public-api.wordpress.com` and automatically injects your OAuth token.
Install only if you are comfortable using Maton as the OAuth/API proxy for your WordPress.com account.