← Back to Skills Marketplace
chirukinbb

Wopdpress AI Blogger

by Bogdan Chirukin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
582
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install wordpress-api-gutenberg
Description
Create, edit, and publish WordPress posts via REST API with full Gutenberg block support. Use when Codex needs to automate WordPress content publishing, gene...
Usage Guidance
This package appears to do what it says (create Gutenberg posts, upload media, manage categories/tags), but exercise caution before using it with real credentials or a production site. Key points to consider: - Registry metadata does not advertise the environment variables the scripts need (WP_URL, WP_USERNAME, WP_APPLICATION_PASSWORD). Treat that omission as a red flag: verify required variables and where they are stored before use. - Prefer creating a low-privilege WordPress account (capabilities: edit_posts, but not full admin) or use a scoped Application Password for the site instead of an admin password. - Review the included Python scripts locally before running. They perform filesystem reads (uploads) and network requests to the specified WP_URL; ensure you won't accidentally upload sensitive local files. - Avoid following the troubleshooting advice to disable SSL verification in production (verify=False) or to log full HTTP requests in environments where credentials or sensitive content might be recorded. - Test on a staging site first. Confirm behavior (what gets uploaded, what fields are set) and monitor server logs for unexpected activity. If you want higher confidence, ask the author/source for corrected registry metadata listing required env vars, or request a minimal example run showing only a safe demo against a known test site.
Capability Analysis
Type: OpenClaw Skill Name: wordpress-api-gutenberg Version: 1.0.0 The skill bundle is designed for legitimate WordPress REST API interactions. However, the Python scripts `scripts/media_uploader.py` and `scripts/wp_publish.py` exhibit a local file inclusion/disclosure vulnerability. Both scripts accept file paths for media uploads (via command-line arguments, CSV files, or JSON configuration). If an attacker can control these input paths, they could specify arbitrary sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). The scripts would then attempt to read these files and upload their content to the configured WordPress site, leading to unintended data disclosure. This is a significant vulnerability, not evidence of intentional malicious behavior by the skill author.
Capability Assessment
Purpose & Capability
Name/description match the included scripts: block generation, media upload, and post publishing via the WordPress REST API. The code implements the advertised features (Gutenberg serialization, media upload, categories/tags, publish workflow). However, registry metadata declares no required environment variables even though SKILL.md and the scripts clearly expect WP_URL, WP_USERNAME, WP_APPLICATION_PASSWORD (or username/password for JWT). This metadata omission is an inconsistency.
Instruction Scope
SKILL.md and the scripts remain within the stated purpose: they call WordPress REST endpoints, read files specified for upload, and serialize blocks. Some troubleshooting guidance recommends disabling SSL verification (requests.verify=False) and enabling verbose request logging; those are useful for debugging but increase risk of credential exposure if used indiscriminately. The instructions do not introduce obvious exfiltration endpoints or actions outside the WordPress domain.
Install Mechanism
No install spec (instruction-only) and no external downloads are present; risk from installation mechanism is low. The repository contains runnable Python scripts but nothing is being fetched from untrusted URLs at install time.
Credentials
The skill requires WordPress credentials to operate (application password or username/password) and expects a WP_URL, but the registry metadata lists no required env vars or primary credential — a mismatch that obscures the fact that secrets are necessary. The scripts also recommend logging requests (which can include sensitive info); combine this with missing metadata declaration and it increases the chance a user might hand over high-privilege credentials unknowingly.
Persistence & Privilege
Skill flags show no 'always:true' and it doesn't request permanent platform-level privileges. The scripts do file I/O for media uploads and read files the user instructs them to, but they do not attempt to modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wordpress-api-gutenberg
  3. After installation, invoke the skill by name or use /wordpress-api-gutenberg
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of WordPress REST API skill with Gutenberg support. - Enables creating, editing, and publishing WordPress posts programmatically using the REST API. - Full support for Gutenberg block serialization and compatible content structure. - Documentation for authentication via Application Passwords, JWT, and environment variables. - Includes guides for uploading media, managing categories, tags, featured images, and custom fields (ACF). - Provides error handling tips and troubleshooting references. - Example scripts and templates included for publishing pipelines and block generation.
Metadata
Slug wordpress-api-gutenberg
Version 1.0.0
License
All-time Installs 4
Active Installs 4
Total Versions 1
Frequently Asked Questions

What is Wopdpress AI Blogger?

Create, edit, and publish WordPress posts via REST API with full Gutenberg block support. Use when Codex needs to automate WordPress content publishing, gene... It is an AI Agent Skill for Claude Code / OpenClaw, with 582 downloads so far.

How do I install Wopdpress AI Blogger?

Run "/install wordpress-api-gutenberg" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wopdpress AI Blogger free?

Yes, Wopdpress AI Blogger is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Wopdpress AI Blogger support?

Wopdpress AI Blogger is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Wopdpress AI Blogger?

It is built and maintained by Bogdan Chirukin (@chirukinbb); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments