Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WordPress MCP
v3.3.4Manage WordPress sites via MCP (Model Context Protocol) through AI Engine. Use for creating/editing posts, SEO analysis, analytics, media management, taxonomy operations, social media scheduling, multilingual content (Polylang), and any WordPress admin task. Requires AI Engine plugin (free) with MCP Server enabled. Also use when asked about WordPress site management, content workflows, or WP-related tasks.
⭐ 0· 1.8k·10 current·12 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (manage WP via AI Engine MCP) aligns with the documented tools: posts, media, SEO, Polylang, WooCommerce, plugin/theme management and database queries. Those capabilities are appropriate for an administrative WP management skill. However the skill metadata declares no required credential or primary credential while the SKILL.md clearly requires a site URL and a Bearer Token — this mismatch is important (the skill will not function without that secret).
Instruction Scope
SKILL.md explicitly instructs the agent how to call the MCP endpoint and to store URL+Bearer Token in a TOOLS.md file. The documented tools permit extremely powerful actions (write plugin/theme files, install/activate plugins/themes, execute arbitrary SQL via wp_db_query, dynamic REST access). Those actions are coherent for a full admin toolset, but they are high privilege and can alter site code or data. The instructions do not attempt to restrict use of these dangerous operations (beyond a note of caution for SQL), so the agent could perform destructive or invasive actions if invoked with an admin token.
Install Mechanism
Instruction-only skill, no install spec and no code files to run on the agent host — this minimizes local install risk. Nothing is downloaded or written by the skill package itself.
Credentials
Metadata lists no required environment variables or primary credential, but SKILL.md requires a Bearer Token and MCP URL stored in TOOLS.md. The skill therefore implicitly needs a secret (site administrator token) but does not declare it in the registry. This lack of declared credential handling is an incoherence that could cause accidental token exposure (e.g., if stored in a shared doc or memory). The operations the token enables (file writes, SQL, plugin activation) justify needing a high‑privilege secret, but the skill should explicitly declare that requirement and guide secure handling.
Persistence & Privilege
always:false and no install steps that persist on the agent host. The skill can be invoked autonomously by models (default platform behavior), which increases blast radius if combined with other issues, but autonomy alone is not a new red flag here.
What to consider before installing
This skill appears to be a coherent controller for WordPress sites via AI Engine's MCP, but take these precautions before installing or using it: 1) Treat the Bearer Token as a high‑privilege secret — only use tokens for sites you administrate and avoid storing them in publicly accessible files; prefer short‑lived or scoped tokens if possible and revoke them after use. 2) Limit enabled MCP features on the target site — do not enable Database, Plugins, Themes, or Dynamic REST unless you explicitly need them, because those tools allow writing code and running SQL. 3) Because the package metadata does not declare the needed credential, assume the agent will require you to provide the token in conversation or a local TOOLS.md; avoid pasting tokens into shared chats or documents. 4) Verify the AI Engine plugin installation and inspect which MCP tools are exposed (run tools/list) before asking the agent to make destructive changes. 5) If you need to run sensitive operations (installing plugins, modifying theme files, direct SQL), perform them manually or under strict supervision rather than granting an automated agent broad autonomous privileges. If you want a higher assurance rating, ask the skill author/source for an explicit credential declaration, changelog, and a homepage or repo to verify origin.Like a lobster shell, security has layers — review code before you run it.
latestvk976qyff6abhcrk9da2518zp4d80yfjvwordpressvk971hfvzhc4hpyytt9qx8eb9e580xj0m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.