Back to skill

Security audit

Wordpress OAuth

Security checks across malware telemetry and agentic risk

Overview

This WordPress OAuth skill does what it says, but its saved WordPress access token should be treated as sensitive.

Install only if you trust this publisher with access to the connected WordPress site. Keep credentials.json out of source control, sync folders, logs, and backups; prefer draft posts for first tests; delete the stored credentials or revoke the WordPress token when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes capabilities including file read/write, network access, and shell execution, but no explicit permissions are declared. This creates a transparency and governance gap: consumers of the skill may not realize it can persist credentials locally and make authenticated network calls, which increases the chance of unsafe deployment or overtrust. In an OAuth/publishing skill, these capabilities are expected, but they still should be declared and constrained.

Credential Access

High
Category
Privilege Escalation
Content
- Script: `{baseDir}/wp_oauth_skill.py`
- OAuth state store: `{baseDir}/oauth_state.json`
- Credential store: `{baseDir}/credentials.json`

This skill stores state and credentials in files inside this skill directory.
Confidence
92% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.