WordPress REST API
Security checks across malware telemetry and agentic risk
Overview
The skill mostly does what it says, but its helper can send WordPress application-password credentials to an unrelated URL if a full route URL is supplied.
Install only if you are comfortable using it against WordPress REST endpoints. Use least-privilege application passwords, prefer relative routes like /wp/v2/posts, avoid full --route URLs when credentials are supplied, verify the final URL before authenticated calls, and require explicit approval before any content, settings, plugin, or theme changes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.