Security audit

Blog with Wordpress

Security checks across malware telemetry and agentic risk

Overview

This WordPress publishing skill is mostly purpose-aligned, but it can make live authenticated changes to a public site without enough scoping or confirmation.

Install only if you are comfortable letting the agent use a WordPress application password to create or modify live site content. Use a least-privileged WordPress account, remove default URL/user fallbacks, and require explicit confirmation of the target site, title, status, categories, and tags before any publish or update request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The manifest uses broad trigger language like publishing to blog, WordPress posting, or creating articles, which can cause the skill to activate for loosely related requests without an explicit publication confirmation step. In this skill's context, unintended invocation is risky because execution performs authenticated write operations against a live WordPress site.

Missing User Warnings

Medium
Confidence: 96%
Finding
The description does not clearly warn that the skill will perform live authenticated API writes that can create or update posts, categories, and tags. Because the skill changes external state on a production blog, lack of disclosure increases the chance of users invoking it without realizing it will publish content immediately.

VirusTotal

64/64 vendors flagged this skill as clean.
