
ClawScan security

Wopdpress AI Blogger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 27, 2026, 8:15 AM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary: The skill's code and instructions match a WordPress publishing tool, but there are inconsistencies (missing declared env vars in registry metadata) and a few risky recommendations in the docs that warrant caution before installing.
Guidance

This package appears to do what it says (create Gutenberg posts, upload media, manage categories/tags), but exercise caution before using it with real credentials or a production site. Key points to consider:

- Registry metadata does not advertise the environment variables the scripts need (WP_URL, WP_USERNAME, WP_APPLICATION_PASSWORD). Treat that omission as a red flag: verify required variables and where they are stored before use.
- Prefer creating a low-privilege WordPress account (capabilities: edit_posts, but not full admin) or use a scoped Application Password for the site instead of an admin password.
- Review the included Python scripts locally before running. They perform filesystem reads (uploads) and network requests to the specified WP_URL; ensure you won't accidentally upload sensitive local files.
- Avoid following the troubleshooting advice to disable SSL verification in production (verify=False) or to log full HTTP requests in environments where credentials or sensitive content might be recorded.
- Test on a staging site first. Confirm behavior (what gets uploaded, what fields are set) and monitor server logs for unexpected activity.

If you want higher confidence, ask the author/source for corrected registry metadata listing required env vars, or request a minimal example run showing only a safe demo against a known test site.

Review Dimensions

Purpose & Capability (note)
Name/description match the included scripts: block generation, media upload, and post publishing via the WordPress REST API. The code implements the advertised features (Gutenberg serialization, media upload, categories/tags, publish workflow). However, registry metadata declares no required environment variables even though SKILL.md and the scripts clearly expect WP_URL, WP_USERNAME, WP_APPLICATION_PASSWORD (or username/password for JWT). This metadata omission is an inconsistency.
Instruction Scope (note)
SKILL.md and the scripts remain within the stated purpose: they call WordPress REST endpoints, read files specified for upload, and serialize blocks. Some troubleshooting guidance recommends disabling SSL verification (requests.verify=False) and enabling verbose request logging; those are useful for debugging but increase the risk of credential exposure if used indiscriminately. The instructions do not introduce obvious exfiltration endpoints or actions outside the WordPress domain.
Install Mechanism (ok)
No install spec (instruction-only) and no external downloads are present; risk from the installation mechanism is low. The repository contains runnable Python scripts, but nothing is fetched from untrusted URLs at install time.
Credentials (concern)
The skill requires WordPress credentials to operate (application password or username/password) and expects a WP_URL, but the registry metadata lists no required env vars or primary credential, a mismatch that obscures the fact that secrets are necessary. The scripts also recommend logging requests (which can include sensitive info); combined with the missing metadata declaration, this increases the chance that a user hands over high-privilege credentials unknowingly.
Persistence & Privilege (ok)
Skill flags show no 'always:true' and it doesn't request permanent platform-level privileges. The scripts do file I/O for media uploads and read the files the user instructs them to, but they do not attempt to modify other skills or system-wide agent settings.