Back to skill

Security audit

WPClaw Lite (WordPress/WooCommerce connector)

Security checks across malware telemetry and agentic risk

Overview

This WooCommerce connector handles sensitive store credentials and customer/order data, but the behavior is disclosed, purpose-aligned, and shows no evidence of hidden exfiltration, persistence, or destructive actions.

Install only if you are comfortable giving the agent access to WooCommerce data through WPCLAW_STORE_URL and WPCLAW_STORE_SECRET. Use a least-privilege/read-only credential where possible, store it in a secret manager, avoid exposing customer data in prompts or logs, and prefer an updated, locked dependency install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation requires sensitive environment variables (`WPCLAW_STORE_URL` and especially `WPCLAW_STORE_SECRET`) but does not declare corresponding permissions. This creates a transparency and least-privilege problem: users or reviewers may not realize the skill depends on secrets, and downstream code may access them without an explicit permission boundary.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly advertises access to order customer information and instructs users to configure a long-lived store secret, but it does not warn about the sensitivity of customer data or the need to protect and rotate the credential. In a skill that bridges an AI agent to a production WooCommerce store, this omission increases the likelihood of accidental exposure of PII and misuse of the secret through insecure environment handling, logging, or overbroad agent access.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"description": "OpenClaw skill for WooCommerce integration",
  "main": "index.js",
  "dependencies": {
    "axios": "^1.6.0"
  }
}
Confidence
95% confidence
Finding
"axios": "^1.6.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2026-44494 (axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `co); CVE-2026-44495 (axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollut); CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.0

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/index.js:5