v1.0.0

Publish-Mate

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

Publish-Mate appears purpose-aligned, but it should be reviewed carefully because it can use WordPress credentials to automatically publish public posts, upload images, and create categories or tags.

Guidance: Install only if you intentionally want automated CMS publishing. Start with preview/dry-run or draft status, use a dedicated least-privilege WordPress account over HTTPS, review sources/images/content for quality and rights, check the schedule setting, and revoke the application password if you stop using the skill.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
`/auto-publisher` or `/auto-publisher publish` — Full pipeline: fetch → compose → upload images → publish ... Categories and tags are auto-created if they don't exist

The skill directs the agent to run a full pipeline that creates CMS posts, uploads images, and mutates categories/tags. That is purpose-aligned, but it is high-impact public publishing authority and the publish path does not require a final human content review.

User impact: A mistaken, low-quality, copyrighted, or manipulated article could be posted publicly to the user's site, and the site taxonomy/media library could be changed.
Recommendation: Use preview or dry-run first, configure WordPress status to draft/pending unless fully trusted, and require manual review before live publication.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none; Install specifications: [0] uv

The package provenance is not identified in the registry metadata, while the skill is intended to run code and handle CMS credentials. This is not evidence of malicious behavior, but it is worth verifying before granting access.

User impact: Users have less provenance information to decide whether the code should be trusted with publishing credentials.
Recommendation: Review the included source, verify the publisher identity if possible, and install only from a trusted registry/source.
Rogue Agents
Severity: Low | Confidence: Medium | Status: Note
setup.sh
"schedule": {
  "enabled": true,
  "cron": "0 9 * * *",
  "timezone": "Asia/Shanghai"
}

The setup script writes an enabled daily schedule into the generated configuration, which is notable for an auto-publishing workflow even though it is disclosed and purpose-aligned.

User impact: If scheduling is used, the skill may publish repeatedly rather than only during a one-time manual run.
Recommendation: Disable or adjust the schedule unless recurring publication is intended, and combine scheduled runs with draft/pending status or review controls.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/publish.py
password_env = config["platform"].get("app_password_env", "WP_APP_PASSWORD") ... self.password = os.environ.get(password_env) ... "Authorization": self.auth_header

The publisher loads a WordPress Application Password from the environment and sends it as the authorization credential for WordPress REST API actions.

User impact: The configured WordPress account can be used by the skill to create posts, upload media, and create categories/tags according to that account's permissions.
Recommendation: Use a dedicated least-privilege WordPress user, require HTTPS for the site URL, store the application password carefully, and rotate or revoke it if uninstalling the skill.