wordpress-security-validation

skills-sh:bobmatnyc_claude-mpm-skills__wordpress-security-validation

Score: D 40/100

First Seen: Feb 18, 2026

Last Scanned: Feb 20, 2026

Findings: 5 (HIGH 4, LOW 1)

Findings (5)

HIGH
Resource URI manipulation
L2162

Detects dangerous URI schemes or path traversal in resource fields

url = "javascript:
FIX

Implement strict input validation on the MCP tool's parameters. Block tool calls that attempt to modify the agent's system prompt, configuration, or tool definitions.

FP?

Likely FP if the match is a tool that legitimately updates configuration (e.g., a settings manager) and mentions prompt editing only for user-facing customization.

HIGH
Path traversal attempt
L3642

Detects path traversal patterns targeting sensitive files, including URL-encoded variants

../../../../etc/passwd
FIX

Pin Git dependencies to specific commit hashes instead of branch names or tags. Branches and tags are mutable and can be updated to point to malicious code.

FP?

Likely FP if the Git reference points to a tagged release of a well-known repository, though tags are technically mutable.

HIGH
Private data read with code execution
L716

Skill can read private data AND execute arbitrary code. This combination enables credential theft via dynamic code.

[reads_private_data] /etc/passwd + [executes_code] eval(
FIX

Add input validation between the user-controlled data source and the security-sensitive sink (e.g., file writes, command execution). Implement allowlisting for acceptable input patterns.

FP?

Likely FP if the user input passes through explicit validation or sanitization before reaching the sensitive operation, and the taint tracker missed the sanitization step.

HIGH
Destructive actions with code execution
L3014

Skill has destructive capabilities AND can execute arbitrary code. This combination enables ransomware-like attacks.

[destructive] DROP TABLE + [executes_code] eval(
FIX

Isolate security-sensitive operations from untrusted data flows. Use separate execution contexts or privilege levels for operations that handle both user input and sensitive resources.

FP?

Likely FP if the toxic flow analysis connected two unrelated code paths, or if the data undergoes transformation that removes the taint (e.g., parsed as a known enum value).

LOW
Cargo or gem install from remote
L4364

Detects cargo install or gem install fetching packages from remote registries

gem install w
FIX

Pin Cargo/Gem packages to specific versions (e.g., cargo install tool@0.1.0, gem install tool -v 1.2.3). Use lock files for reproducibility.

FP?

Likely FP if the matched text is a very short fragment (3 words or fewer) or uses placeholder package names.