WordPress MCP
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This looks like a real WordPress admin helper, but it can make broad changes to a site, store, database, and social channels using a persistent bearer token, so it needs careful review and restriction.
Install only if you control the WordPress site and are comfortable giving the agent administrative access. Keep optional features such as Database, Plugins, Themes, Dynamic REST, WooCommerce, and Social Engine disabled unless needed; require explicit confirmation for destructive or public actions; and protect or rotate the bearer token stored in TOOLS.md.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad agent action could break a WordPress site, delete or publish content, change settings, alter code, or mutate business data.
The skill documents powerful administrative and escape-hatch capabilities that can alter site code, database contents, and arbitrary REST resources. These are disclosed and opt-in, but they are high-impact and not comprehensively bounded by approval or rollback guidance.
| **Plugins** | Off | Install, activate, update, and modify plugins | ... | **Database** | Off | Execute SQL queries on the WordPress database | ... | **Dynamic REST** | Off | Raw access to WordPress REST API |
Enable only the MCP feature groups you actually need. Require explicit user confirmation and backups before plugin/theme edits, database writes, raw REST calls, deletes, publishes, refunds, stock changes, or user/account changes.
Anyone or any agent workflow with access to that token could perform the enabled WordPress MCP actions for the site.
The bearer token is the credential used to authorize MCP actions, and the skill recommends storing it persistently in a local agent-readable file. The artifacts do not describe token scoping, least privilege, file protection, or rotation.
A **Bearer Token** set in MCP settings ... Connection details should be stored in the user's `TOOLS.md`: ... **Bearer Token:** <token from AI Engine MCP settings>
Use a dedicated, least-privileged token or account if supported, keep TOOLS.md private, avoid sharing it in prompts or logs, and rotate/revoke the token if exposure is suspected.
If the endpoint is wrong, insecure, or shared, commands or sensitive WordPress data could go to the wrong place.
The skill uses JSON-RPC over HTTP to a user-configured MCP endpoint with bearer authentication. This is expected for the purpose, but it means site data and administrative commands flow through that endpoint.
curl -s -X POST <MCP_URL> \ -H "Authorization: Bearer <TOKEN>" \ -H "Content-Type: application/json"
Verify the MCP URL and domain, use HTTPS, keep separate tokens per site, and avoid using this with untrusted WordPress installations.