WordPress Blog Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WordPress publishing helper, but users should treat it as capable of publicly posting content with WordPress credentials.

Install only if you intend to let this skill publish or schedule posts on a WordPress site. Use a dedicated low-privilege WordPress application password, provide only an HTTPS WordPress URL you control, and review generated article content before automated publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill uses WordPress credentials and performs outbound publication of article content, but the documentation does not clearly warn that content and media will be transmitted to a third-party service and may become publicly visible. In a blog automation context this behavior is expected, but without an explicit warning or confirmation requirement it can still cause accidental disclosure, unintended publication, or misuse of stored credentials.

VirusTotal

65/65 vendors flagged this skill as clean.
