wordpress-uploader

This skill is mostly coherent with its stated WordPress publishing purpose and uses official WordPress auth/API concepts, but it relies on unreviewed local Python wrapper scripts and direct ~/.env credential access. That makes it suspicious-but-not-malicious: the main risk is unverifiable local execution around sensitive publishing credentials, not obvious exfiltration or deceptive routing.