Wordpress REST API
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed WordPress API command-line tool, but it should be used with care because it can change or delete site content when given powerful WordPress credentials.
Install only if you want an agent to operate a WordPress site through the REST API. Configure WP_BASE_URL to the intended HTTPS site, use a dedicated low-privilege WordPress application password, avoid passing sensitive local files with @file, and require explicit approval before create, update, delete, publish, or raw request commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.