Jrb Remote Site Api Skill Repo
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent WordPress admin integration, but it gives an agent broad site-control tokens and mutation powers without enough declared scope or approval safeguards.
Install only if you trust the WordPress plugin and the site tokens you provide. Use least-privilege, per-site tokens; avoid putting secrets in prompt-visible files; require human confirmation for publishing, deleting, installing, activating, theme switching, and campaign actions; and test on a staging site before using it on production.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad agent action could publish or delete site content, alter the active theme, or change installed WordPress software.
The skill exposes destructive site changes, public content changes, and plugin/theme administration, but the artifacts do not define approval gates, allowed sites/actions, dry-run behavior, rollback, or least-privilege limits.
**Posts & Pages**: Create, read, update, delete... **Plugins**: List, install, activate, deactivate, update, and delete. **Themes**: ... switch themes, install from URL.
Require explicit user confirmation for publish/delete/install/activate/theme/campaign actions, restrict tokens to necessary endpoints, test on staging first, and keep backups or rollback plans.
If the token is exposed, misrouted, or used without careful scope, an agent or anyone with access to the file could control the mapped WordPress site(s).
The skill asks the agent environment to hold site API tokens, including multi-site mappings, while registry metadata declares no primary credential or required env vars. These tokens appear to authorize broad remote administration.
Ensure your agent's `TOOLS.md` or `.credentials/` contains the endpoint and token... `.credentials/jrb-sites.json` ... "token": "YOUR_SECURE_X_JRB_TOKEN"
Declare the credential requirements, store tokens only in a secure credential store rather than prompt-visible files, use separate least-privilege tokens per site, rotate tokens regularly, and revoke tokens when no longer needed.
A bad theme URL or compromised package could break the site or introduce unsafe code into the WordPress environment.
Installing themes from arbitrary URLs is a remote software supply-chain action. The artifacts do not describe provenance checks, allowlists, version pinning, or user approval before such installs.
**Themes**: List active/available themes, switch themes, install from URL.
Only allow installs from trusted, reviewed sources; use allowlisted repositories or exact versions; and require explicit human approval before any plugin or theme install/update.
Customer details or support-ticket contents could be shown to the agent and potentially included in summaries, logs, or outputs if the user does not constrain usage.
Reading support tickets and customer data is purpose-aligned for this integration, but it means sensitive business/customer information may enter the agent's working context; the artifacts do not describe redaction, minimization, or retention boundaries.
**FluentSupport:** Read tickets and customer data.
Limit requests to the minimum needed records, redact sensitive fields where possible, avoid storing outputs in long-term memory, and review any generated summaries before sharing.
