WordPress API Auto Post: Article Auto-Publishing API

Pass. Audited by ClawScan on May 6, 2026.

Overview

This skill does what it claims—publishes WordPress articles—but users should notice that it needs WordPress posting credentials and can modify a live site.

Install only if you want an agent to create WordPress posts through the REST API. Configure a dedicated low-privilege WordPress user, use HTTPS, keep the application password out of chat/logs, test with draft status first, and review the full article before approving any published post.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured with a powerful WordPress account, the agent may be able to create or publish content on the site using that account's permissions.

Why it was flagged

The skill openly requires a WordPress application password with posting authority. This is purpose-aligned, but it gives the agent delegated ability to create posts and manage tags as that WordPress user.

Skill content

credentials:
  - type: wordpress_app_password
    description: WordPress Application Password with edit_posts capability. Grants REST API access to create posts and manage tags as the configured user.

Recommendation

Use a dedicated least-privileged WordPress user, keep the application password secret, require draft-first testing, and revoke the password when no longer needed.

What this means

Approved runs can add draft or published posts to the configured WordPress site and may create new tags.

Why it was flagged

The script performs authenticated POST requests to create WordPress posts. This is the skill's stated purpose, but it is a real mutation of a third-party site.

Skill content

api_url = f"{site_url}/wp-json/wp/v2/posts"
...
result = make_api_request(api_url, auth_b64, method="POST", data=post_data)

Recommendation

Confirm the site URL, title, slug, status, tags, and article body before approving; use draft mode unless you intentionally want immediate publication.

What this means

Installing the snippet exposes the listed RankMath meta fields through the WordPress REST API for users allowed to edit posts.

Why it was flagged

The setup file is a PHP snippet intended to be added to WordPress so RankMath metadata can be set through the REST API. It is visible, scoped to three meta keys, and purpose-aligned, but it changes site behavior persistently.

Skill content

add_action('init', function () {
    ...
    register_meta('post', $key, [
            'show_in_rest'  => true,

Recommendation

Add the snippet only if you understand the change, prefer a child theme or Code Snippets plugin, and remove it if you uninstall the skill.

What this means

Article titles, URLs, focus keywords, tags, and status may remain in a local log after publishing.

Why it was flagged

The workflow stores publication results in a persistent memory log. The artifact scopes the log's purpose and warns other skills not to use it as input.

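Skill content

Append the successful publication results and URL to `memory/wp-articles-log.md`. This log is used only for this Skill's duplicate-prevention checks and publication auditing, and should not be used by other Skills as a data input source.
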
Recommendation

Keep the log free of secrets, periodically review it, and avoid letting unrelated skills treat it as authoritative instructions or source content.