ClawHub

Wordpress Vps Install

Security checks across malware telemetry and agentic risk

Overview

This is a high-impact WordPress VPS deployment guide, but its system-changing actions are disclosed, scoped to a fresh user-approved server, and supported by basic safety checks.

Use this only on a fresh or explicitly approved VPS and domain. Before running it, confirm the host, Dokploy project, domain, credentials, and backups, and consider replacing the WP-CLI download step with a pinned, checksum-verified release.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly guides end-to-end VPS provisioning, Docker/Dokploy installation, domain routing, and live WordPress bootstrap on a fresh server, but it does not include clear safety gates, confirmation prompts, or warnings that these actions will modify infrastructure and expose a public service. In an agent-executed context, that omission is risky because it increases the chance of unintended destructive or externally visible changes being performed on the wrong host or domain.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
apt-get update -y
apt-get install -y ripgrep curl less php-cli php-curl php-mbstring php-xml
curl -fsSL https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp
chmod +x /usr/local/bin/wp
wp --info
Confidence
95% confidence
Finding
curl less php-cli php-curl php-mbstring php-xml curl -fsSL https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp chmod +x /usr/local/bin/wp wp --info rg --vers

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal