benkalsky

Wordpress Api Pro

By Ben Kalsky · GitHub ↗ · v3.3.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 665
Favorites: 2
Current installs: 0
Versions: 9
Install in OpenClaw
/install wordpress-api-pro
Description
WordPress REST API integration for managing posts, pages, media, and more on self-hosted WordPress sites. Use when you need to create, update, or retrieve Wo...
Security Recommendations
This skill is functionally coherent for managing WordPress sites, but before installing or running it:
  1. Verify the source — 'Homepage: none' and an unknown source reduce provenance confidence; prefer a skill hosted on a trusted repository.
  2. Do NOT pass app passwords on the command line; instead set WP_APP_PASSWORD and related variables in a secure environment — command-line args may be visible to other users via ps.
  3. If using multi-site config/sites.json, store it securely (restrict filesystem permissions) and ensure it is excluded from version control.
  4. Review the scripts locally (they are included) to confirm there are no unexpected network endpoints or telemetry.
  5. Ensure you grant each application password least-privilege on WordPress, and rotate/revoke them if the config is compromised.
  6. Ask the publisher to fix the manifest metadata to declare the required environment variables and to update examples so they don't encourage insecure CLI password usage.
If you cannot validate the publisher or secure the credentials storage, treat this skill as higher risk and consider alternative, better-audited tools.
Functional Analysis
Type: OpenClaw Skill
Name: wordpress-api-pro
Version: 3.3.0
The skill bundle provides a comprehensive set of tools for WordPress management but is classified as suspicious due to high-risk vulnerabilities in file and network handling. Specifically, scripts/upload_media.py and scripts/update_post.py allow reading arbitrary local files (via the --file and --content-file arguments) and fetching remote URLs without sanitization. In an agentic environment like OpenClaw, these features could be exploited via prompt injection to trick the AI agent into exfiltrating sensitive local data (such as ~/.ssh keys or environment configurations) to a remote WordPress site. While these capabilities are plausibly needed for the stated purpose, the lack of path validation and safety boundaries around filesystem access presents a significant security risk.
Capability Assessment
Purpose & Capability
Name, description, and included scripts match a WordPress REST API management tool (posts, media, ACF, Elementor, WooCommerce, multi-site batch ops). The code and docs implement expected functionality.
Instruction Scope
SKILL.md and scripts require WordPress credentials (WP_URL, WP_USERNAME, WP_APP_PASSWORD) and instruct you to edit config/sites.json for multi-site credentials. Examples in the docs still show passing --app-password on the command line (which can expose credentials via process listings), even though the changelog claims this was fixed. The skill's runtime instructions and scripts read local config files containing credentials and will post to arbitrary wp-json endpoints — behavior consistent with purpose but sensitive, and the docs/examples are inconsistent about safe usage.
Install Mechanism
Instruction-only install (no install spec). The package includes standalone Python scripts; some use the 'requests' library (not bundled). No remote downloads or archive extraction are present in the provided manifest.
Credentials
Registry metadata lists no required env vars, but SKILL.md and the scripts clearly expect WP_URL / WP_USERNAME / WP_APP_PASSWORD (and optionally WooCommerce keys). The skill also encourages storing multiple app passwords in config/sites.json — which is functional for multi-site use but concentrates sensitive secrets on disk. Requiring per-site app passwords is proportionate to the feature, but the metadata omission and example usage that passes passwords on the CLI are mismatches that raise risk.
Persistence & Privilege
The skill does not request 'always' presence and does not modify other skills or system-wide settings. It's a user-invoked tool with no elevated platform privileges in the manifest.
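How to Use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install wordpress-api-pro
  3. Once installation completes, call the Skill by name or trigger it with /wordpress-api-pro
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output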
Version History
v3.3.0
feat: Claude Code compatibility (CLAUDE.md + .gitignore)
v3.2.1
fix: align all slugs and URLs to wordpress-api-pro
v3.2.0
Elementor, media upload, WooCommerce
v2.1.0
Cleanup: removed unnecessary files
v3.0.1
**Added plugin integration and field management features.**
- Added support for plugin detection and integration with ACF, Rank Math, Yoast, and JetEngine.
- New scripts: `acf_fields.py`, `detect_plugins.py`, `jetengine_fields.py`, and `seo_meta.py` for managing custom fields and SEO meta.
- Removed legacy documentation files `EXAMPLES.md` and `SECURITY.md`.
- Updated documentation with usage examples for new scripts and plugin/field management.
- Core REST API usage and authentication remain unchanged.
v3.0.0
- Added SECURITY.md with security policies and guidelines.
- No changes to core code or functionality.
v2.0.2
No changes detected in this version.
- Version 2.0.2 contains no file or documentation updates.
- Functionality and documentation remain unchanged from the previous release.
v2.0.1
- Removed the PUBLISH.md file from the project.
- No changes to functionality or documentation in this release.
v2.0.0
Major update: Adds multi-site management, enhanced authentication, and improved usage documentation.
- Introduced support for multi-site management via CLI wrapper (`./wp.sh`) and batch scripts.
- Expanded documentation with detailed setup, authentication (Application Passwords), and environment variable usage.
- Added guides and examples for batch operations and managing groups of sites.
- Enhanced support for Gutenberg blocks, custom fields, and full CRUD operations.
- Clarified error handling, security recommendations, and noted limitations for different WordPress versions.
Metadata
Slug: wordpress-api-pro
Version: 3.3.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 9
FAQ

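What is Wordpress Api Pro?

WordPress REST API integration for managing posts, pages, media, and more on self-hosted WordPress sites. Use when you need to create, update, or retrieve Wo... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 665 total downloads so far.

How do I install Wordpress Api Pro?

Run the command "/install wordpress-api-pro" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Wordpress Api Pro free?

Yes, Wordpress Api Pro is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Wordpress Api Pro support?

Wordpress Api Pro runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Wordpress Api Pro?

It is developed and maintained by Ben Kalsky (@benkalsky); the current version is v3.3.0.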
