wordpress-remote-cli

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill is coherent with its stated purpose: it interacts directly with WordPress /wp-json endpoints, stores site credentials locally, and provides content serialization and media upload capabilities. No hardcoded secrets, obfuscated payloads, or third-party proxying of credentials are present in the documentation. The principal supply-chain risk is the installer pattern (curl | bash from raw.githubusercontent.com) — acceptable practice for many OSS projects but high-risk if the remote repo is compromised. Operators should audit the install script before running it and ensure local config file permissions are secure. Use the tool only against trusted WordPress instances. Overall I find no clear malicious behavior in the provided files; risks are moderate and operational.

LLM verification: Based on the provided SKILL.md content alone: the skill's declared capabilities line up with its stated purpose, and the requested inputs (WordPress host and app password, stdin, files) are proportionate. The main supply-chain risk is the recommended install method using 'curl ... | bash' from a raw.githubusercontent.com URL: this pattern executes remote code without local verification and should be treated as suspicious. There is no direct evidence in this document of credential exfiltration, o

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 15, 2026, 08:06 PM
Package URL: pkg:socket/skills-sh/KLIXPERT-io%2Fwpklx%2Fwordpress-remote-cli%2F@63321e8d0f79c452c071e374d2b915bcb0ba2e4f