v1.0.0

ghst

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:37 AM.

Analysis

This is a transparent Ghost CLI skill, but it gives an agent broad staff-level power to publish, delete, bulk-change, export, and reconfigure a Ghost site.

Guidance: Install this only if you want the agent to have staff-level Ghost administration capability. Use a dedicated revocable token, confirm any publish/delete/bulk/raw-API action manually, keep backups, and consider pinning the ghst package version.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
references/api.md
# `ghst api`

Direct raw Ghost API requests... `--method <method>`... `--body <json>`... `--input <path>`

The raw API command is an escape hatch that can send arbitrary Ghost API requests using the configured staff credentials, beyond safer resource-specific workflows.

User impact: A mistaken or over-broad agent command could change, delete, or expose site data through any Ghost API endpoint the token can access.
Recommendation: Enable this only for trusted agents and require explicit user confirmation for raw API, publish, delete, settings, theme, webhook, social, and other high-impact operations.
Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
references/member.md
`delete [options] <id>`... `import [options] <filePath>`... `export [options]`: Export members as CSV... `bulk [options]`: Run a bulk member operation.

Member deletion, import/export, and bulk operations mean one command can affect many subscribers or move sensitive business data at once.

User impact: An incorrect agent action could affect many members, subscriptions, or business records rather than a single item.
Recommendation: Use backups, dry-run or preview steps where possible, and require explicit confirmation before member imports, exports, deletes, or bulk changes.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
install spec
[0] node | package: @tryghost/ghst | creates binaries: ghst

The skill relies on an external npm package to provide the executable, and the provided install spec does not show a pinned version.

User impact: Installing without a version pin means future package changes could alter the behavior available to the agent.
Recommendation: Install from the official package source and consider pinning or reviewing the @tryghost/ghst version before enabling the skill.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`GHOST_STAFF_ACCESS_TOKEN`... Add the variables directly to your `~/.openclaw/.env` file... `GHOST_STAFF_ACCESS_TOKEN="your-staff-access-token-id:secret"`

The skill clearly requires a Ghost staff access token and stores it in agent-accessible configuration; this is expected for the Admin API but is a powerful credential.

User impact: Anyone or any agent with access to that token may be able to act with staff-level permissions on the Ghost site.
Recommendation: Use a dedicated, revocable staff token if possible, store it only in trusted local configuration, avoid sharing logs/configs, and rotate it if exposure is suspected.