WordPress Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WordPress security scanning skill, but users should only scan sites they own or are authorized to test.

Install only if you are comfortable sending target site URLs to the external scanning provider. Use it only on WordPress sites you own, administer, or have explicit permission to test; do not use it to scan unrelated third-party sites.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill enables active scanning of a user-supplied WordPress URL but does not clearly warn that this will send probing traffic to the specified host. That omission can lead users to unknowingly target third-party systems without authorization, creating legal, policy, and abuse risks even if the feature is presented as legitimate security testing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal