ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WordPress Remote News Publisher

v1.0.0

Automates news article creation and publishing to remote WordPress via SSH and WP-CLI, including image handling and SEO metadata integration.

1· 391·0 current·0 all-time
byEmilio Petrozzi@promoweb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md and the included scripts clearly need SSH access (WP_SSH_HOST, WP_SSH_USER, WP_SSH_KEY, WP_REMOTE_PATH, etc.), Unsplash API key, and binaries (ssh, scp, python3, convert). However the registry top-level metadata listed 'Required env vars: none' and 'Required binaries: none', which is inconsistent and misleading. The requested credentials (SSH private key path and Unsplash key) are coherent with the stated purpose, but the omission in registry metadata is a red flag for mismatched declarations.
Instruction Scope
The SKILL.md instructions stay largely within the stated purpose: generate articles, download and optimize an Unsplash image, SCP it to the remote server, and run WP-CLI remotely. Concerns: (1) It says 'If this fails, abort and notify via Telegram with error details' but provides no Telegram configuration or env var — that step is underspecified and could lead to ad-hoc messaging behavior. (2) SSH commands use '-o StrictHostKeyChecking=no', which disables host-key verification (convenient but insecure and increases MITM risk). (3) Temporary files are written under /tmp (e.g., /tmp/wp_article.json, /tmp/wp_media_id.txt) which is normal but review who can read /tmp on the environment.
Install Mechanism
There is no install spec (instruction-only plus packaged scripts). No remote downloads or archive extraction at install time. The code files are included in the skill package, so no external install URLs to audit — this is lower install-time risk.
Credentials
The environment variables required by the scripts (WP_SSH_HOST, WP_SSH_USER, WP_SSH_KEY, WP_REMOTE_PATH, WP_AUTHOR_ID, UNSPLASH_ACCESS_KEY, etc.) are proportionate to the functionality (remote SSH access and Unsplash access). The main issue is that the skill registry metadata did not declare these required env vars or binaries — a transparency/integrity problem. Also the skill requires the path to a private SSH key (sensitive); ensure that key has restricted scope and permissions and consider using a key with least privilege on the remote host.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills or system-wide settings. It runs when invoked; autonomous invocation is allowed by default (normal). It stores temporary state in /tmp (media ID, article JSON, post ID) but does not persist credentials or enable itself automatically.
What to consider before installing
This skill appears to perform what it says (generate articles, download an Unsplash image, and publish via SSH+WP‑CLI), but there are a few things you should verify before installing or running it: - Registry metadata mismatch: the skill package requires SSH and Unsplash credentials and certain binaries, but the registry entry lists none. Treat the registry info as incomplete and inspect the included SKILL.md and scripts (you already have them). - SSH key risk: the scripts require WP_SSH_KEY (a private key path). Only supply a key that is limited in scope on the remote host (not a full root or multi-service key). Prefer a deploy-only account and restrict commands allowed by that key if possible. - Host-key verification: the scripts set StrictHostKeyChecking=no (disables host key checks). This eases automation but increases MITM risk. Prefer to manually verify and pin the remote host key or remove that option once keys/hosts are trusted. - Telegram notification is referenced but no configuration is provided — confirm how notifications are implemented before relying on them. - Temporary files: artifacts (article JSON, media ID, cover metadata) are stored in /tmp. If you run this on a multi-user machine, be aware other users may read those files; consider changing locations or setting restrictive permissions. - Testing recommendation: run the scripts in an isolated environment first (a staging WordPress instance) with a restricted SSH key and a test Unsplash key. Review and, if desired, remove any insecure SSH options and ensure the remote WP user has limited privileges. If you need higher assurance, ask the publisher to update the registry metadata to list required env vars and binaries, and to document the Telegram notification mechanism and any remote privileges the SSH account requires.

Like a lobster shell, security has layers — review code before you run it.

latestvk9740kefsg907g8d6yx3a8nat9822a60

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments