Wordpress OAuth
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for WordPress OAuth, but it stores a reusable posting token and can publish to a WordPress site without an explicit confirmation safeguard.
Only install this if you are comfortable giving the skill WordPress OAuth access for posting. Use the narrowest OAuth scope possible, keep posts as drafts unless you explicitly approve publication, protect credentials.json, and review the complete script before use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could create public or draft WordPress content with the stored token; accidental public posting could affect the user's website or reputation.
Publishing posts to a WordPress site is a high-impact external account action. The documentation describes the action but does not require explicit user confirmation before posting, especially for non-draft status.
Publishes a post via `POST /rest/v1.1/sites/$site/posts/new` using the stored token.
Require explicit user approval before any non-draft publish action, default to draft, and clearly show the target site, title, status, and content preview before posting.
Anyone or anything that can read the stored credentials file may be able to use the WordPress token for actions allowed by the OAuth scope.
The skill persistently stores a reusable OAuth bearer token that can authorize WordPress posting. This is disclosed in the skill text, but registry metadata says there is no primary credential and no required environment variables.
Credential store: `{baseDir}/credentials.json` ... This skill stores state and credentials in files inside this skill directory.
Declare the credential requirement in metadata, document token scope and retention, provide a cleanup/revoke command, and remind users to protect or remove credentials.json when no longer needed.
If an error or transcript includes the full token-info URL, the OAuth token could be revealed to someone who can see that output.
The token-info command sends the stored access token in a URL query string to the WordPress token-info endpoint. This appears purpose-aligned, but query strings can be exposed in local logs or error messages.
```python
from urllib.parse import urlencode  # import implied by the quoted fragment
# token-info call from the skill: the access token travels in the query string
query = urlencode({"client_id": client_id, "token": access_token})
info = request_json("GET", f"{TOKEN_INFO_ENDPOINT}?{query}")
```
Avoid printing full URLs containing tokens, redact token query parameters in error messages, and prefer a POST body if the provider supports it.
The visible code is mostly consistent with the stated purpose, but incomplete source visibility reduces assurance.
The supplied source artifact is marked truncated, so the reviewer cannot fully inspect the end of the script, including parser defaults and main execution handling.
...[truncated]
Review the complete wp_oauth_skill.py before installing or running the skill, especially defaults for publish status and error handling.
