WordPress Self-Hosted
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is clearly aimed at managing a user-configured WordPress site, but it uses powerful SSH/WP-CLI and WordPress credential access that users should configure carefully.
Install only if you want the agent to administer the configured self-hosted WordPress site. Use a dedicated SSH user and WordPress application password, verify the host and WordPress root path, and require confirmation before publishing, deleting, plugin/theme, database, or file-management changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misconfigured or used on the wrong host, the agent could make significant changes to a real WordPress site.
The skill instructs the agent to run WP-CLI commands over SSH on the configured WordPress host, and uses trust-on-first-use host key handling. This is central to the skill's purpose and disclosed, but it is powerful enough to change or delete live site content.
ssh -o StrictHostKeyChecking=accept-new <ssh-user>@<wp-host> 'cd <wp-root> && wp <command>'
Verify WP_HOST, WP_SSH_USER, and WP_ROOT before use; consider pre-populating known_hosts instead of relying on accept-new; require explicit confirmation before publishing, deleting, plugin/theme, database, or file-management actions.
The agent may authenticate as a WordPress or SSH user with authority to modify the site.
The skill uses SSH credentials and optionally retrieves a WordPress application password from 1Password. That credential access is expected for administering WordPress, but it should be scoped to the intended site and account.
Credentials: SSH key (via ssh-agent or 1Password SSH agent on macOS), WP application password (stored in 1Password, item name configurable via WP_1P_ITEM).
Use a dedicated least-privilege WordPress application password and SSH account where possible, limit the configured 1Password item to this site, and avoid using an administrator account unless required.
Administrative commands can affect plugins, cache, database state, files, and public site behavior.
The skill's documented workflow includes local command execution and remote WordPress administrative commands. This is expected for a WP-CLI-based management skill, but it expands impact beyond simple post drafting.
Use for all content operations when REST API is unavailable. Also the only option for plugin installs, cache flush, DB operations, file management.
Treat WP-CLI actions as live administration; review command intent, keep backups, and confirm high-impact operations before execution.