Security audit
WordPress Content REST API
Security checks across malware telemetry and agentic risk
Overview
This skill is narrowly scoped to WordPress content management and clearly discloses its credential and write-access requirements.
Install this only for WordPress sites you control or are authorized to manage. Use least-privilege application passwords or scoped bearer tokens, verify staging versus production before writes, keep the dry-run/read-before-write workflow, and require explicit approval for publishing, deletion, media uploads, taxonomy creation, or bulk updates.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
