Is wordpress-api safe?

https://clawhub.ai/byungkyu/wordpress-api

72
CAUTION

This WordPress.com API skill is a documentation-only package with no executable code, git hooks, or suspicious install behavior. However, its architecture routes all API traffic through a third-party proxy (Maton gateway) that holds WordPress OAuth tokens and has full visibility into all content operations. The skill also directs agents to install a companion api-gateway skill from the same author, expanding the trust surface. While not malicious, users should understand they are delegating WordPress access to Maton's infrastructure.

Category Scores

Prompt Injection 65/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 55/100 · 5%

Findings (6)

HIGH All traffic proxied through third-party Maton gateway -25

Every API call routes through gateway.maton.ai rather than directly to WordPress.com. The user's MATON_API_KEY is sent as a Bearer token to Maton's infrastructure, and Maton holds WordPress OAuth tokens. This creates a man-in-the-middle architecture where Maton has full visibility into all WordPress content and operations.

MEDIUM Cross-skill referral to api-gateway from same author -15

The skill description directs the agent to use a companion skill (api-gateway) from the same author for non-WordPress APIs. This could expand the attack surface through skill chaining.

MEDIUM Extensive Python heredoc execution patterns -15

The skill uses python <<'EOF' heredoc patterns throughout, establishing a pattern where the agent executes Python code via shell to make authenticated API requests.

MEDIUM Sensitive file access during installation -15

The install monitoring detected reads of .env, .aws/credentials, and auth-profiles.json. While likely from the runtime environment rather than the skill itself, these accesses occurred during the skill installation flow.

MEDIUM Third-party trust chain creates compounding risk -20

Users must trust Maton's infrastructure security in addition to WordPress.com. Maton holds OAuth tokens, sees all content, and could modify API responses. Combined with the api-gateway skill referral, this creates a broad third-party dependency.

LOW Broad destructive operation scope -10

The skill documents delete operations for posts and OAuth connections without suggesting confirmation flows.