← Back to Skills Marketplace
Wordpress Auto Publish Clean
by
rainco2008
· GitHub ↗
· v1.0.0
· MIT-0
65
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install test-wp
Description
Automatically publish Markdown articles to WordPress blog via REST API
Usage Guidance
This package appears to do what it says (publish Markdown to WordPress), but there are important caveats: 1) The skill metadata does not declare the WordPress credentials it actually requires—expect to supply WORDPRESS_URL and either an application password or credentials (or configure config.js). 2) Review any shell scripts (scripts/setup-wordpress.sh, install-jwt-complete.sh, etc.) before running them — they may attempt changes on the target server or assume you run them on the WordPress host. 3) Do not provide site admin credentials to the skill unless you trust the code: create a dedicated user with the minimal permissions needed and prefer WordPress application passwords (not your main login password). 4) If you will run scripts on a machine you control, inspect them locally first and run npm install only after reviewing package.json. 5) If you need help assessing specific files (e.g., setup scripts or any file that touches remote endpoints), share those files and I can analyze them line-by-line.
Capability Analysis
Type: OpenClaw Skill
Name: test-wp
Version: 1.0.0
The skill bundle contains multiple hardcoded credentials (application passwords and basic auth strings) for a specific external domain (openow.ai) and user (inkmind) across several files, including 'final-test-publish.sh', 'simple-publish-test.sh', and 'test-app-password-publish.sh'. While the core functionality of publishing Markdown to WordPress is consistent with the description, the inclusion of active credentials and an excessive amount of diagnostic and testing scripts targeting a specific live site is a significant security risk and highly irregular for a generic skill. It appears to be a raw development environment dump rather than a curated production skill.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description match the included files: numerous Node scripts perform REST API publishes, media uploads, category/tag management, JWT and app-password flows. That capability is coherent with the stated purpose. However, the skill metadata declares no required env vars or primary credential while the code and README clearly expect WordPress credentials (application password or username/password/JWT) configured in config.js or via environment variables—this mismatch is unexpected.
Instruction Scope
SKILL.md and README instruct running tests, publish scripts, and included setup scripts (e.g., scripts/setup-wordpress.sh, install-jwt-complete.sh). The instructions focus on WordPress integration and do not request unrelated system data, but they do instruct execution of bundled shell scripts and many helper scripts that could modify a WordPress host or perform network calls. The guidance to 'review full source' is good, but running setup scripts without inspection could have side effects.
Install Mechanism
There is no install spec (instruction-only), which is lower risk than fetching arbitrary remote binaries. The repository contains many scripts that would be executed locally by the user. No remote download/install steps are declared in the skill metadata itself.
Credentials
Metadata lists no required environment variables or primary credential, but the code and README expect WORDPRESS_URL, WORDPRESS_USERNAME, WORDPRESS_PASSWORD (or app password / JWT credentials) and a config.js. Requiring admin credentials for a WordPress site is appropriate for this functionality, but the metadata omission is a mismatch and could mislead users. The number of sensitive values implied (username/password, app passwords, JWT secrets) is proportionate to the task, but must be explicitly declared and handled carefully.
Persistence & Privilege
The skill does not request always: true and does not claim system-wide persistence. It writes logs and can create local files (reports, logs) but does not request elevated agent privileges. Autonomy (model invocation) is enabled by default but not unusual; it is not combined with always:true or broad undeclared credential access.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install test-wp - After installation, invoke the skill by name or use
/test-wp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of wordpress-auto-publish skill.
- Automatically publishes Markdown articles to WordPress blogs via the REST API
- Supports batch processing for multiple articles
- Manages draft and published status
- Handles categories and tags for posts
- Includes featured image upload functionality
Metadata
Frequently Asked Questions
What is Wordpress Auto Publish Clean?
Automatically publish Markdown articles to WordPress blog via REST API. It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.
How do I install Wordpress Auto Publish Clean?
Run "/install test-wp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Wordpress Auto Publish Clean free?
Yes, Wordpress Auto Publish Clean is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Wordpress Auto Publish Clean support?
Wordpress Auto Publish Clean is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Wordpress Auto Publish Clean?
It is built and maintained by rainco2008 (@rainco2008); the current version is v1.0.0.
More Skills