WordPress
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill is granting delegated access to WordPress.com resources through Maton.
The skill requires a Maton API key that is used to access the user's connected WordPress.com account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a trusted Maton account, keep the API key private, and revoke unused WordPress.com connections when no longer needed.
Misuse or mistaken use could publish, edit, or delete WordPress.com content.
The skill exposes content-management operations, including create/update/delete capabilities that can change or remove site content.
Use this skill when users want to create, read, update, or delete WordPress.com posts, pages, or manage site content.
Confirm the target site, post/page ID, and intended change before any write or delete action.
WordPress request data and delegated authorization flow through a third-party provider.
WordPress API traffic and OAuth handling are mediated by the Maton service rather than going directly to WordPress.com.
Maton proxies requests to `public-api.wordpress.com` and automatically injects your OAuth token.
Install only if you are comfortable using Maton as the OAuth/API proxy for your WordPress.com account.