ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WordPress Blog Automation

v1.0.1

Automated WordPress blog publishing with scheduling

0· 452·1 current·1 all-time
byCarl Luis Olivier@wespeakallday
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (WordPress publishing + scheduling) aligns with the included index.py which implements publishing via the WordPress REST API. However the SKILL.md references formatter.py and scheduler.py (and additional dependencies such as markdown2/mistletoe) which are not present in the bundle, and the SKILL.md version (1.0.0) differs from registry metadata (1.0.1). These omissions are unexplained and reduce confidence in the package completeness.
Instruction Scope
SKILL.md instructs reading an ARTICLE_JSON path, converting markdown to HTML, uploading images, and scheduling. index.py implements reading a provided article JSON, converting content to HTML, and posting to WordPress; it writes a local failure HTML and appends a log file. The SKILL.md mentions webhooks/cron triggers and image uploads, but index.py has no explicit media upload or scheduler implementation. The code will read arbitrary file paths supplied as --article and write logs/failed HTML to disk — expected for this task but worth noting.
Install Mechanism
No install spec — instruction-only plus a single Python file. No downloads or package installs are performed by the skill itself, which minimizes install-time risk.
Credentials
No required environment variables are declared. Credentials are accepted as CLI args (WP username and application password), which is proportionate for a WordPress publishing tool. The SKILL.md lists WP-related inputs (WP_URL, WP_USERNAME, WP_APP_TOKEN) consistent with the code. There are no unrelated credentials requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It does not modify other skills or system-wide config; it only writes local logs/failed HTML files as part of its normal operation.
What to consider before installing
This package mostly does what it says — it posts article JSON to a WordPress site using Basic auth and writes local logs on failure. Before installing consider: 1) The SKILL.md mentions additional files (formatter.py, scheduler.py) and dependencies that are missing; ask the author for the complete bundle or updated docs. 2) Provide WP credentials only for sites you control or staging instances; app passwords grant post privileges and should be scoped and rotated. 3) The script uses HTTP Basic (base64) headers — ensure you call an HTTPS WP_URL to protect credentials in transit. 4) The tool reads arbitrary article file paths and writes logs/failed HTML locally — avoid pointing it at sensitive directories and review log handling so tokens are not accidentally recorded. 5) If you need scheduling or media upload, verify those features exist in the full package (they are referenced in docs but not implemented in index.py). If the maintainer cannot explain the missing files or supply a complete, reviewed package, treat this skill as incomplete and avoid running it with real credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eg119zbqdzkznzs14m8ek1s82923q
452downloads
0stars
2versions
Updated 7h ago
v1.0.1
MIT-0
Carl Luis Olivier@wespeakallday
latest
Download

Blog Automation Skill

Overview

Scheduled blog publishing system that publishes generated articles to WordPress.

Purpose

  • Convert articles to WordPress HTML format
  • Schedule posts for optimal timing
  • Handle image embeds and SEO tags
  • Publish via WordPress REST API

Input Variables

VariableDescriptionExample
WP_URLWordPress site URLhttps://paylesstax.co.za
WP_USERNAMEWordPress API usernameblog_manager
WP_APP_TOKENApplication password(configured in OpenClaw)
ARTICLE_JSONPath to generated article./article.json
SCHEDULE_TIMEOptional publish time2025-03-15T09:00:00
CATEGORIESPost categories[Tax, Compliance]
TAGSPost tags[SARS, 2026]

Workflow

  1. Load article JSON from generator
  2. Convert markdown to HTML
  3. Upload images (if any) to WordPress media
  4. Create WordPress post via REST API
  5. Log result to memory file

Triggers

  • Cron schedule (e.g., daily at 8am)
  • Manual CLI execution
  • Post-generation webhook from article generator

APIs & Dependencies

  • WordPress REST API v2
  • requests library for HTTP
  • markdown2 or mistletoe for MD->HTML

Output

{
  "status": "published|scheduled|failed",
  "wordpress_id": 12345,
  "url": "https://site.com/blog/post",
  "timestamp": "2025-03-02T05:03:19"
}

Files

  • index.py - Publishing logic
  • formatter.py - MD to HTML conversion
  • scheduler.py - Cron/schedule management

Comments

Loading comments...