wp-malware-remediation

Cleans and remediates PHP malware in WordPress sites on Linux servers, ensuring complete security and restoration of compromised sites.

Install this skill

0/100

Security score

The wp-malware-remediation skill was audited on Jun 10, 2026 and we found 23 security issues across 3 threat categories, including 11 critical. Review the findings below before installing.

Categories Tested

Security Issues

high line 187

Eval function call - arbitrary code execution

SourceSKILL.md

187	eval(base64_decode("...")); ← eval inyectado como primera línea

critical line 406

Eval function call - arbitrary code execution

SourceSKILL.md

406	\| Base64 largo \| `eval(base64_decode("aWYoaX..."))` \| `OBFUSC_LARGE_BASE64_STRING` \| 65 \|

critical line 414

Eval function call - arbitrary code execution

SourceSKILL.md

414	\| PDF spoof \| `%PDF-1.0 <?php eval(...)` \| `OBFUSC_PDF_HEADER_SPOOF` \| 85 \|

critical line 417

Eval function call - arbitrary code execution

SourceSKILL.md

417	\| Eval anidado \| `eval($var($var(...)))` \| `EVAL_NESTED_VAR_CALL` \| 85 \|

critical line 525

Piping content to bash shell

SourceSKILL.md

525	\| `wp_backup_db.sh` \| Backup BD MySQL: autodescubre wp-config, dump+gzip, lock, logs \| Bash \|

critical line 526

Piping content to bash shell

SourceSKILL.md

526	\| `wp_reemplaza.sh` \| Restauración WP core: backup BD+core, rsync, permisos, detección versión \| Bash \|

critical line 527

Piping content to bash shell

SourceSKILL.md

527	\| `fix_permissions.sh` \| Permisos: 755/644/600/711, auto-detecta grupo (CWP/PHP-FPM vs cPanel), dry-run, verbose, por usuario, CWP/cPanel \| Bash \|

critical line 528

Piping content to bash shell

SourceSKILL.md

528	\| `malware_scan.sh` \| Triage rápido: grep firmas, PHP uploads, recientes, nombres, permisos 777 \| Bash \|

critical line 529

Piping content to bash shell

SourceSKILL.md

529	\| `wp_security_scan.sh` \| Cuarentena básica: mueve sospechosos, diff WP core, archivos recientes \| Bash \|

critical line 530

Piping content to bash shell

SourceSKILL.md

530	\| `wp_db_scan.sh` \| Escaneo BD: inyecciones wp_options, SEO spam wp_posts, admins maliciosos, transients \| Bash \|

critical line 531

Piping content to bash shell

SourceSKILL.md

531	\| `cron_check.sh` \| Detección crontabs maliciosos: wget/curl reinstalación, 16 patrones, `--fix` \| Bash \|

critical line 532

Piping content to bash shell

SourceSKILL.md

532	\| `remediate.sh` \| Orquestador pipeline: 7 fases backup→scan→db→cron→clean→restore→verify→permisos \| Bash \|

medium line 566

Webhook reference - potential data exfiltration

SourceSKILL.md

566	\| 7 \| Notificaciones — email/webhook cuando escaneo programado detecta malware nuevo \| Medio — monitoreo periódico \| 🔲 Pendiente \|

medium line 3

Base64 decode operation

SourceSKILL.md

3	description: "Analizar, detectar y limpiar malware PHP en sitios WordPress alojados en servidores Linux (CWP/cPanel). Cubre el ciclo completo: triage, backup, escaneo heurístico, clasificación de hall

low line 187

Base64 decode operation

SourceSKILL.md

187	eval(base64_decode("...")); ← eval inyectado como primera línea

medium line 406

Base64 decode operation

SourceSKILL.md

406	\| Base64 largo \| `eval(base64_decode("aWYoaX..."))` \| `OBFUSC_LARGE_BASE64_STRING` \| 65 \|

high line 116

Hex-encoded characters

SourceSKILL.md

116	- Detecta y extrae PHP embebido dentro de archivos ZIP (magic bytes `PK\x03\x04`)

medium line 186

Hex-encoded characters

SourceSKILL.md

186	@include "\x2f..."; ← include ofuscado al inicio del archivo

high line 396

Hex-encoded characters

SourceSKILL.md

396	El scanner detecta archivos con magic bytes ZIP (`PK\x03\x04`), extrae cualquier archivo `.php` contenido y lo escanea contra todas las firmas. Agrega `CONTAINER_ZIP_EMBEDDED_PHP` (90pts).

high line 407

Hex-encoded characters

SourceSKILL.md

407	\| Hex strings \| `"\x65\x76\x61\x6c"` (≥20 escapes) \| `OBFUSC_HEX_STRING` \| 70 \|

high line 409

Hex-encoded characters

SourceSKILL.md

409	\| Comment+Char-index \| `/\x00\x01/("ab")[0].` combo \| `OBFUSC_COMMENT_FUNC` \| 85 \|

high line 413

Hex-encoded characters

SourceSKILL.md

413	\| GLOBALS hex \| `$GLOBALS["\x00\x01"]["\x02"]()` \| `OBFUSC_GLOBALS_HEX_DISPATCH` \| 90 \|

high line 427

Hex-encoded characters

SourceSKILL.md

427	2. Hex: `echo -e "\x65\x76\x61\x6c"` o `php -r 'echo "\x65\x76\x61\x6c";'`

Scanned on Jun 10, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

openclaw backend devops backend-developer security-engineer devops-sre technical-support customer-success-manager development support sales

maitret/WordPress_MalwareScanner