Wopdpress AI Blogger
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent WordPress publishing helper, but it can use WordPress credentials to make persistent public changes, so review credentials and publish settings before use.
Install/use this only for WordPress sites where you want the agent to help manage content. Provide a limited WordPress application password, keep generated posts as drafts until reviewed, and be careful with recursive media uploads.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a real WordPress account, the agent can make content live on the site.
The helper can publish WordPress content through the REST API. This is expected for the skill, but it is a public, persistent site mutation.
def publish_post(self, post_id: int) -> bool:
data = {"status": "publish"}
response = self.session.post(f"{self.api_url}/posts/{post_id}", json=data)Use draft status by default, review generated content, and require explicit user approval before publishing.
Credentials with broad WordPress permissions could let the agent create, modify, upload, or publish more than intended.
The skill relies on WordPress account credentials or application passwords. That access is necessary for publishing, but it grants authority over the target site.
export WP_URL="https://your-site.com" export WP_USERNAME="admin" export WP_APPLICATION_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx"
Use a least-privilege WordPress user or application password, avoid admin credentials when possible, and revoke the password when no longer needed.
Accidentally choosing a large or sensitive directory could publish or store unintended files on the WordPress site.
The media uploader supports recursive directory uploads, so a broad directory selection could upload many local files to the WordPress media library.
python media_uploader.py --directory ./images --recursive
Use narrowly scoped media folders, inspect file lists before upload, and avoid recursive uploads on directories containing private files.