Ghost CMS
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Ghost CMS integration, but review is needed because it can perform full admin actions while the registered safety controls do not match the documentation.
Install only if you are comfortable granting a full Ghost Admin API key. Before use, verify the published metadata actually disables autonomous invocation or enforce manual confirmation yourself, especially for publishing, deletion, member/user changes, settings, tiers, themes, and webhooks. Use a staging site or dedicated integration key when possible, review npm-installed code, and rotate or revoke the key when done.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-eager agent action could publish content, delete data, change subscribers, moderate public comments, or alter site administration.
This shows broad Ghost Admin API mutation and public-publishing authority. It is purpose-aligned and disclosed, but the registry metadata indicates model invocation is not disabled and capability tags were not derived, so these high-impact actions are not clearly bounded by enforced user control.
Destructive Operations ... Create/update/delete posts, pages, tags ... Publish/unpublish/schedule posts (makes content public) ... Create/update/delete members, tiers, newsletters ... All POST, PUT, DELETE requests
Require explicit user confirmation for every publish, delete, user/member, billing/tier, webhook, and settings change; ensure the registered capability and invocation metadata matches the documented safety model.
Users may believe the platform enforces explicit invocation when the submitted registry metadata does not show that protection.
This documented security claim conflicts with the registry flags supplied for the skill, which say disable-model-invocation is false and the agent can invoke the skill autonomously.
Autonomous invocation disabled - Requires explicit user commands
Fix the published metadata so autonomous invocation is actually disabled, or remove the claim and document exactly when the agent may invoke the skill.
Anyone or any agent action using this key can read and modify content, users, members, comments, settings, and public publishing state.
The credential requirement is expected for Ghost Admin API management and is clearly disclosed, but it grants complete site authority.
Ghost Admin API keys provide FULL access to your Ghost site ... Admin API keys have no scoping options ... There are no read-only keys.
Use a dedicated Ghost integration key, prefer staging for testing, store it securely, rotate it regularly, and revoke it immediately if the skill is removed or no longer trusted.
If used, a webhook could keep sending Ghost events to an external destination after the immediate task is complete.
Webhook management is documented as part of the API coverage. Creating or updating webhooks can establish persistent external data flows, so users should notice this boundary even though it is part of comprehensive Ghost administration.
| Webhooks | List (GET) | Create (POST), Update (PUT), Delete (DELETE) | External integrations |
Treat webhook creation or modification as a high-impact action requiring explicit approval, destination review, and later cleanup verification.
You may run local Node code and npm dependencies that are not represented by a formal install spec in the registry metadata.
The artifact set includes runnable scripts and npm setup, but the registry install/provenance metadata is incomplete. This is a supply-chain review note, not evidence of malicious behavior.
Source: unknown ... No install spec — this is an instruction-only skill ... Code file presence 9 code file(s)
Review the repository, scripts, package.json, and package-lock before installation, and publish a proper install spec that matches the documented npm setup.
