WordPress AI Blogger

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate WordPress publishing helper, but it needs review because it can use site credentials to publish content and upload local files with limited guardrails.

Install only if you want an agent to manage a WordPress site. Use a least-privilege application password, prefer staging and draft-by-default workflows, and require explicit approval before publishing, deleting, or uploading media. Avoid admin credentials and inline secrets, do not use verify=False or verbose authenticated logging with real credentials, and restrict media uploads to reviewed files or a small reviewed folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill performs network access, reads environment variables, and references file operations, but it does not declare any permissions or capability boundaries. In an agent setting, this creates a transparency and governance problem because the skill can transmit credentials and modify remote content without an explicit permission model visible to users or orchestrators.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior does not fully match the described scope: it claims JWT and edit/update support but only shows token retrieval and post creation/publishing, while also implying broader media and block-generation behaviors. This mismatch can cause users or higher-level agents to trust the skill for narrower operations than it actually enables, increasing the risk of unintended content changes or credential use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill gives instructions for creating posts, uploading media, and publishing content to a live WordPress site without an explicit warning that these actions modify production data. In agent-driven workflows, omission of such warnings increases the chance of accidental publication, site defacement, or unintended operational changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The authentication examples show handling of usernames, passwords, and application passwords without a clear warning about secret protection, least privilege, or the fact that these credentials are sent to a remote server. That omission can lead to unsafe storage, logging, reuse of admin credentials, or use over misconfigured endpoints.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The reference describes deletion, including `?force=true` to bypass trash, without any warning about permanence or confirmation requirements. In an agent skill that may automate actions, this increases the chance of accidental or overly broad destructive operations, especially if the agent is later wired to execute from docs or examples.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The authentication section shows credential formats and Basic Auth usage without any warning to protect secrets, avoid logging them, or store them securely. In an automation skill context, this can normalize unsafe handling of application passwords or JWTs and lead to credential leakage through prompts, logs, or shell history.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The embed examples encourage use of third-party URLs (YouTube, Twitter/X) without noting that rendering or previewing such embeds can cause outbound requests to external services and leak IP address, referrer, user agent, and possibly authenticated browsing context metadata. In a WordPress publishing automation skill, this matters because users may programmatically insert external embeds at scale without realizing the privacy and compliance implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting example includes hardcoded username/password credentials in a form users may copy directly, without any warning about using test-only secrets, environment variables, or secure secret handling. In a skill focused on automating WordPress publishing and authentication, this increases the chance that operators will normalize password-based auth and leak real credentials into shells, histories, docs, or logs.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The debug logging guidance suggests enabling verbose request logging for HTTP calls without warning that Authorization headers, cookies, JWTs, post content, and other sensitive data may be captured. In a content publishing skill that routinely handles credentials and unpublished content, this can lead to credential exposure or data leakage via console output, CI logs, or persistent log files.

External Transmission

Medium
Category
Data Exfiltration
Content
```python
import requests

# wp_url (site base URL) and auth (credentials tuple) are defined elsewhere in the skill.


def publish_post(post_id):
    """Publish a draft post by setting its status to 'publish' via the REST API."""
    # Authenticated POST to the live site: this modifies production content.
    response = requests.post(f"{wp_url}/wp-json/wp/v2/posts/{post_id}",
                             json={"status": "publish"}, auth=auth)
    return response.json()
```
Confidence
90% confidence
Finding
requests.post(f"{wp_url}/wp-json/wp/v2/posts/{post_id}", json=

External Transmission

Medium
Category
Data Exfiltration
Content
## Example Request

```bash
# Using curl with Application Password
curl -X POST https://your-site.com/wp-json/wp/v2/posts \
  -u "admin:xxxx xxxx xxxx xxxx xxxx xxxx" \
  -H "Content-Type: application/json" \
```
Confidence
86% confidence
Finding
curl with Application Password curl -X POST https://your-site.com/wp-json/wp/v2/posts \ -u "admin:xxxx xxxx xxxx xxxx xxxx xxxx" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
