WordPress Remote News Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can automatically publish to a live WordPress site over SSH and uses risky SSH and temporary-file practices.

Install only if you control the target WordPress server and are comfortable giving this skill a dedicated, low-privilege SSH key. Keep cron disabled until tested, require human review before publishing, pin or verify the SSH host key, avoid root/admin SSH access, and replace shared /tmp state files with per-run private files before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'image_url' from requests.get (line 50, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
    # Download the image
    try:
        image_url = data['urls']['regular']
        img_response = requests.get(image_url, timeout=60)
        img_response.raise_for_status()
        
        with open(output_path, 'wb') as f:
Confidence
93% confidence
Finding
img_response = requests.get(image_url, timeout=60)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script explicitly disables SSH host key verification with StrictHostKeyChecking=no while performing SCP upload and remote WP-CLI administrative actions. This enables man-in-the-middle interception or redirection to an attacker-controlled host, which could expose the uploaded media, remote commands, and trust relationship to tampering.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill describes automated remote publishing, remote command execution, and local writes, but does not prominently warn that invoking it will modify a live WordPress site and filesystem state. In an agentic environment, weak disclosure increases the chance of unintended destructive or unauthorized actions because users may trigger it without understanding the side effects.

VirusTotal

64/64 vendors flagged this skill as clean.
