WP Publisher

Security checks across malware telemetry and agentic risk

Overview

This WordPress publishing skill is mostly coherent, but it gives an agent authenticated authority to update and permanently delete posts without clear safeguards.

Install only if you are comfortable giving the agent WordPress content-management access. Use a dedicated low-privilege WordPress application password, require HTTPS without disabling certificate checks, avoid putting secrets directly in commands, and treat update/delete actions as requiring explicit human confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill is presented as a publishing tool, but its documented API surface also enables listing, updating, and permanently deleting posts. In an agent context, this scope expansion materially increases risk because a user or prompt injection could trigger destructive or unauthorized content modification actions beyond the expected publish-only workflow.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The broad trigger phrase "发布博客" ("publish blog post") is likely to appear in ordinary chat and may cause unintended activation in multi-channel environments. Because this skill can perform authenticated remote actions, accidental invocation could result in unreviewed publication or chained follow-on operations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill exposes a force-delete capability without a prominent warning or safeguards, which is dangerous in conversational agent settings. In the WordPress REST API, a DELETE with force=true bypasses the trash, so a mistaken request, ambiguous instruction, or prompt injection could remove WordPress content with no way to restore it.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill instructs use of WordPress credentials via Basic Auth and environment variables but does not warn about exposure risks in logs, process listings, shell history, or insecure transport settings (plain HTTP, or certificate verification disabled). In agent ecosystems, these credentials may be reused broadly and, if leaked, could grant full publishing or content-management access to the site.
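The safeguards recommended in the overview (dedicated application password read from the environment, HTTPS only, human confirmation for update and delete) and the two findings above (unguarded force-delete, credential exposure in logs) can be enforced in a thin wrapper around the REST calls. The following is an added example written for this page; it is not code from the WP Publisher skill. It assumes the standard WordPress REST routes under /wp-json/wp/v2/posts, a hypothetical confirmation callback supplied by the agent host, and an injected transport function so the example runs offline.

```python
"""Guard rail for an agent calling the WordPress REST API.

Added example, not the WP Publisher skill's own code. Assumptions: posts live
under /wp-json/wp/v2/posts, the host passes a `confirm(action, url)` callback
that returns True only after a human approved, and `transport(req)` is whatever
actually sends the request (injected here so nothing touches the network).
"""
import base64
import os
import re
from urllib.parse import parse_qsl, urlencode, urlparse

# WordPress REST: DELETE /wp/v2/posts/<id> moves the post to the trash;
# adding ?force=true skips the trash and deletes permanently.
POST_ID_RE = re.compile(r"^/wp-json/wp/v2/posts/(\d+)/?$")
DESTRUCTIVE = {"update", "trash", "force_delete"}


def credentials_from_env(env=None):
    """Read the dedicated application password from the environment rather
    than a command-line argument, so it does not land in `ps` or history."""
    env = os.environ if env is None else env
    user, app_password = env.get("WP_USER"), env.get("WP_APP_PASSWORD")
    if not user or not app_password:
        raise RuntimeError("WP_USER and WP_APP_PASSWORD must be set")
    return user, app_password


def build_request(base_url, path, method="GET", params=None, *, user, app_password):
    """Describe the request; refuse Basic Auth over anything but HTTPS."""
    if urlparse(base_url).scheme != "https":
        raise ValueError("refusing to send Basic Auth over a non-HTTPS URL")
    token = base64.b64encode(f"{user}:{app_password}".encode()).decode()
    url = base_url.rstrip("/") + path
    if params:
        url += "?" + urlencode(params)
    return {
        "method": method.upper(),
        "url": url,
        "headers": {"Authorization": f"Basic {token}"},
        "verify_tls": True,  # never flip this to False to "fix" a cert error
    }


def classify(req):
    """Map a request to read / publish / update / trash / force_delete."""
    parsed = urlparse(req["url"])
    single_post = POST_ID_RE.match(parsed.path)
    method = req["method"]
    if method == "GET":
        return "read"
    if method == "POST" and not single_post:
        return "publish"  # create a new post
    if method in ("POST", "PUT", "PATCH") and single_post:
        return "update"
    if method == "DELETE" and single_post:
        force = dict(parse_qsl(parsed.query)).get("force", "").lower()
        return "force_delete" if force in ("true", "1") else "trash"
    return "unknown"


def send(req, transport, confirm=lambda action, url: False):
    """Send only after a human confirmed any destructive action."""
    action = classify(req)
    if action in DESTRUCTIVE and not confirm(action, req["url"]):
        raise PermissionError(f"{action} on {req['url']} needs explicit human confirmation")
    return transport(req)


def redact(line):
    """Scrub Basic Auth tokens before a request line is written to a log."""
    return re.sub(r"Basic [A-Za-z0-9+/=]+", "Basic [REDACTED]", line)


if __name__ == "__main__":
    # Constructed sample credentials; nothing is sent because transport is a stub.
    user, pw = credentials_from_env({"WP_USER": "bot", "WP_APP_PASSWORD": "abcd efgh"})
    req = build_request("https://example.com", "/wp-json/wp/v2/posts/12", "DELETE",
                        {"force": "true"}, user=user, app_password=pw)
    print(classify(req), redact(f"Authorization: {req['headers']['Authorization']}"))
```

The default `confirm` returns False, so the safe failure mode is a refused request; the host has to opt in to destructive actions per call rather than the skill opting out. Logging goes through `redact` so the Basic Auth token never reaches a log file even if the full request is dumped for debugging.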

VirusTotal

65/65 vendors flagged this skill as clean.
