Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Blog with Wordpress
v1.0.0
Publish articles to WordPress blogs via REST API. Handles post creation, category/tag management, and SEO-friendly English slug generation. Use when user ask...
by Hugo Gu (@hugogu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name and description (publish to WordPress, manage categories/tags, generate slugs) align with the runtime steps (calls to the WP REST API to create categories, tags, and posts). Requiring a WordPress URL, username, and application password is appropriate for this functionality, so the actual capability is coherent with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to source a specific workspace file (/root/.openclaw/workspace/.env) and expects WP_BLOG_URL, WP_USERNAME, and WP_APP_PASSWORD to be present. That file path and those variables are not declared in the skill metadata. The instructions also specify automatically publishing posts (status: "publish") and include a directive to 'TRIGGER this skill whenever user mentions publishing', which increases the impact if invoked autonomously. Aside from these issues, the actions stay within the WordPress REST API domain.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is the lowest-risk install model (nothing is written to disk by the skill package itself).
Credentials
The runtime requires WP_BLOG_URL, WP_USERNAME, and WP_APP_PASSWORD (an application password) in a workspace .env, but the registry metadata lists no required env vars or config paths and has no primary credential declared. This mismatch is significant: the skill will consume sensitive credentials but does not declare them in metadata for reviewers or policy controls.
Persistence & Privilege
The always flag is false and the skill is user-invocable; model invocation is allowed (the platform default). The SKILL.md's explicit 'TRIGGER' text encourages automatic invocation whenever a user mentions publishing; combined with the missing-declaration issues above, that increases risk, but by itself it is not a platform privilege escalation.
What to consider before installing
This skill appears to do what it says (publish posts to WordPress), but the SKILL.md expects sensitive credentials in a workspace .env and reads a specific path (/root/.openclaw/workspace/.env) while the skill metadata declares no required env vars or config paths. Before installing:

1) Confirm the source/author and trustworthiness, since no homepage/source is provided.
2) Require the pack author to update metadata to declare WP_BLOG_URL, WP_USERNAME, WP_APP_PASSWORD (and mark WP_APP_PASSWORD as the primary credential) and to list the config path being read.
3) Prefer a WordPress application password tied to a low-privilege user, and test on a staging site first (not a production blog).
4) Be aware the instructions publish posts with status "publish"; if you want drafts first, modify the workflow.
5) Rotate/revoke the application password after testing.

If the author cannot or will not fix the metadata discrepancies, treat installation as higher risk and avoid granting credentials.
