v1.0.0

WordPress Remote News Publisher

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:16 AM.

Analysis

The skill is broadly aligned with WordPress publishing, but it needs careful review because it uses SSH credentials to change a remote site and builds some remote shell commands from generated article data without safe escaping.

Guidance

Review this skill before installing. If you use it, create a dedicated SSH key and low-privilege WordPress user, restrict what that key can do on the server, verify SSH host keys instead of disabling checks, and fix the publish script so generated article fields cannot alter remote shell commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
scripts/publish_wp_remote.sh
META_DESC=$(python3 -c "import json; d=json.load(open('$ARTICLE_JSON')); print(d['meta_desc'])") ... "wp post meta update $POST_ID _yoast_wpseo_metadesc '$META_DESC' --path='$REMOTE_PATH'"

Article metadata loaded from JSON is inserted into a remote shell command inside single quotes without robust escaping or argument separation. Tags and keywords are handled similarly.

User impact: A malformed or manipulated tag, keyword, or meta description could break publishing or cause unintended remote shell/WP-CLI behavior on the WordPress server.
Recommendation: Avoid building remote shell commands with interpolated content. Pass values through safely quoted files, use WP-CLI mechanisms that read from files/stdin, or apply strict validation and shell-safe escaping for all generated fields.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/upload_media_remote.sh
-o StrictHostKeyChecking=no

The SSH/SCP connection disables host key verification for remote WordPress operations. The same option also appears in the documented SSH verification command.

User impact: The agent could connect to an unexpected host if DNS or network routing is compromised, sending article files and running WP-CLI commands against the wrong server.
Recommendation: Require host key verification, pin the expected host key, or document a safe first-time setup step instead of disabling StrictHostKeyChecking by default.

Rogue Agents
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
triggers:
  - cron: "0 10 * * 1-5"
  - cron: "0 16 * * 1-5"

The skill documents recurring weekday automation for a workflow that creates WordPress content. The included script creates drafts, which reduces public-posting impact, but the behavior is still recurring account mutation.

User impact: If enabled, the skill may repeatedly create WordPress drafts and upload media without a manual prompt each time.
Recommendation: Enable scheduling only after testing manually, keep posts as drafts by default, and monitor created posts/media until the workflow is trusted.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
`WP_SSH_KEY` | Absolute path to SSH private key ... `WP_SSH_HOST` ... `WP_SSH_USER` ... `WP_AUTHOR_ID` ... `UNSPLASH_ACCESS_KEY`

The skill requires a local SSH private key and remote WordPress account context to operate, while the registry metadata declares no required environment variables or primary credential. This is high-impact account/server authority that may not be surfaced clearly at install time.

User impact: Installing or running the skill may give the agent practical ability to connect to a remote server and create or modify WordPress content using the configured account.
Recommendation: Use a dedicated low-privilege SSH key and WordPress author account, restrict the key to WP-CLI-only actions where possible, and ensure the registry metadata accurately declares the required credentials.