← 返回 Skills 市场
444
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jrb-remote-site-api-skill-repo
功能描述
Interface with WordPress sites via jrb-remote-site-api plugin for admin tasks, content CRUD, plugin/theme management, and Fluent suite integrations through R...
使用说明 (SKILL.md)
JRB Remote Site API Skill
Interface with WordPress sites running the jrb-remote-site-api plugin. This skill enables AI agents to perform administrative tasks, content management, and integration with the Fluent suite (CRM, Forms, Support, etc.) via a secure REST API.
Configuration
Required environment variables for targeting a site:
JRB_API_URL: The base URL of the site (e.g.,https://jrbconsulting.au)JRB_API_TOKEN: The secure API token configured in the plugin settings
Core Capabilities
1. System & Auth
- Ping: Verify connection and token validity.
- Site Info: Get WordPress version, active theme, plugin version, and capabilities.
2. Content Management (CRUD)
- Posts & Pages: Create, read, update, delete, and list. Supports custom statuses (draft, publish, private).
- Media: Upload and manage files in the WordPress Media Library.
3. Plugin & Theme Management
- Plugins: List, install, activate, deactivate, update, and delete.
- Themes: List active/available themes, switch themes, install from URL.
4. Fluent Suite Integration (Modules)
- FluentCRM: Manage contacts, lists, tags, and campaigns.
- FluentSupport: Professional ticket management and customer support.
- FluentProject: Task and project management automation.
- FluentBoards: Advanced board and task management.
Usage Patterns
Verification
curl -H "X-JRB-Token: \$JRB_API_TOKEN" "\$JRB_API_URL/wp-json/jrb-remote/v1/site"
Create a Page
curl -X POST -H "X-JRB-Token: \$JRB_API_TOKEN" \\
-H "Content-Type: application/json" \\
-d '{"title": "New Page", "content": "Hello World", "status": "publish"}' \\
"\$JRB_API_URL/wp-json/jrb-remote/v1/pages"
Installation
This skill is designed to work with the JRB Remote Site API WordPress plugin.
To install:
clawhub install jrb-remote-site-api
安全使用建议
This skill appears to be what it says (a wrapper for the JRB Remote Site API), but the published metadata does not declare the environment variables or credential file the SKILL.md and README say are required. Before installing: 1) Confirm the skill's publisher and the plugin sources (WordPress plugin page / GitHub) are legitimate. 2) Do not place site tokens in broadly accessible/shared config files; prefer per-site, least-privilege tokens and limit their scope. 3) Update your agent config to explicitly provide JRB_API_URL and JRB_API_TOKEN and verify the agent will only read intended credential files (inspect agent/tooling behavior). 4) If you need stronger assurance, ask the publisher for a clear install manifest and for the skill metadata to list required env vars and any config paths it will read. 5) Monitor actions taken by the agent (audit logs) when first using the skill. These steps reduce the risk that the agent will access or transmit credentials unexpectedly.
功能分析
Type: OpenClaw Skill
Name: jrb-remote-site-api-skill-repo
Version: 1.0.0
The skill is classified as suspicious due to its extremely broad and high-risk capabilities, particularly the 'Plugin & Theme Management' functions described in SKILL.md. The ability to install plugins and themes from arbitrary URLs on a target WordPress site presents a critical Remote Code Execution (RCE) vulnerability. While these capabilities might be intended for legitimate administrative tasks, they can be easily abused through prompt injection or a compromised agent to install malicious software, leading to full compromise of the target WordPress site. There is no direct evidence of intentional malicious behavior by the skill itself (e.g., exfiltration from the agent's host), but the inherent power granted makes it a significant security risk.
能力评估
Purpose & Capability
The skill claims WordPress admin and Fluent-suite integration via the jrb-remote-site-api plugin, which coherently requires a site URL and API token; however the published registry metadata lists no required environment variables or primary credential even though SKILL.md explicitly requires JRB_API_URL and JRB_API_TOKEN. This mismatch between declared metadata and actual runtime needs is unexpected.
Instruction Scope
SKILL.md contains concrete curl examples using JRB_API_URL and JRB_API_TOKEN and describes admin actions (content CRUD, plugin/theme management, media uploads). The README further suggests storing/looking up multiple site credentials in a .credentials/jrb-sites.json mapping and says the agent will 'look up' credentials — implying the agent may read local credential files/config that are not declared in the skill metadata. The instructions do not direct data to unexpected external endpoints, but they do imply filesystem access to agent credential storage without declaring or documenting that access.
Install Mechanism
This is an instruction-only skill (no install spec or code files). README points to the official plugin and GitHub repo and suggests 'clawhub install jrb-remote-site-api', but there is no bundled install that would place code on disk. Because nothing is downloaded or executed by the skill itself, install risk is low — however the guidance about using clawhub and the external plugin should be validated by the user (confirm plugin source and version).
Credentials
The runtime instructions legitimately require two secrets (JRB_API_URL and JRB_API_TOKEN). The skill metadata, however, declares no required env vars or primary credential. README also recommends storing multiple tokens in a .credentials file, which increases the places secrets may live. The absence of declared credential requirements in the registry is a proportionality/documentation mismatch and raises the risk of unexpected credential access by the agent.
Persistence & Privilege
The skill does not request always:true, does not include an install that writes persistent binaries, and does not claim to modify other skills or system-wide settings. Agent autonomous invocation is enabled by default but not unusual; nothing in the skill requests elevated persistent privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jrb-remote-site-api-skill-repo - 安装完成后,直接呼叫该 Skill 的名称或使用
/jrb-remote-site-api-skill-repo触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Interface for remote WordPress administration via the JRB Remote Site API.
- Connect to and authenticate with WordPress sites using secure tokens.
- Full CRUD support for posts, pages, and media files.
- Manage plugins and themes (install, activate, update, delete, or switch).
- Integrate and automate tasks with the Fluent suite (CRM, Forms, Support, Project, Boards).
- Simple curl usage examples and installation instructions included.
元数据
常见问题
Jrb Remote Site Api Skill Repo 是什么?
Interface with WordPress sites via jrb-remote-site-api plugin for admin tasks, content CRUD, plugin/theme management, and Fluent suite integrations through R... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 444 次。
如何安装 Jrb Remote Site Api Skill Repo?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jrb-remote-site-api-skill-repo」即可一键安装,无需额外配置。
Jrb Remote Site Api Skill Repo 是免费的吗?
是的,Jrb Remote Site Api Skill Repo 完全免费(开源免费),可自由下载、安装和使用。
Jrb Remote Site Api Skill Repo 支持哪些平台?
Jrb Remote Site Api Skill Repo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Jrb Remote Site Api Skill Repo?
由 Joel(@jrbconsulting-joel)开发并维护,当前版本 v1.0.0。
推荐 Skills