ClawHub

Wp Login

Security checks across malware telemetry and agentic risk

Overview

This WordPress login helper does the stated login automation, but it also leaves sensitive session data and screenshots on disk without clear disclosure or cleanup.

Install only in an isolated environment with a trusted HTTPS WordPress URL and a limited account. Treat wp-state.json, puppeteer_user_data, and generated screenshots as sensitive session material, delete them after use, and avoid using production administrator credentials until the skill discloses and controls persistence, screenshot capture, TLS handling, and local secret loading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly relies on environment-stored WordPress credentials and sends them to a remote `/wp-login.php` endpoint, but the description does not warn the user that sensitive secrets will be consumed and transmitted off-process. This can mislead operators into supplying privileged credentials without informed consent, increasing the risk of credential exposure, misuse against the wrong host, or accidental execution in an untrusted environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code launches Puppeteer with a persistent `userDataDir` while handling WordPress credentials, which can retain authenticated sessions, cookies, and other sensitive browser state on disk without any explicit consent, lifecycle controls, or cleanup. In an agent/automation context, this increases the risk of cross-run session leakage, unauthorized reuse of admin access, and accidental exposure of stored authentication artifacts to other processes or users on the same system.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code saves Playwright storage state to `wp-state.json`, which can contain authenticated cookies and other session artifacts that allow reuse of a logged-in WordPress session. If that file is readable by other local users, committed to source control, uploaded in artifacts, or left on disk on a shared system, an attacker may be able to hijack the authenticated admin session without needing the password.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script explicitly loads a local file from an absolute user-home path into environment variables, which likely contains credentials or other secrets. This creates a risky dependency on developer-local sensitive data, can cause accidental secret exposure during testing or distribution, and makes the skill behave differently based on hidden machine-specific configuration.

VirusTotal

No VirusTotal findings

View on VirusTotal